You are not logged in.

Dear visitor, welcome to krpano.com Forum. If this is your first visit here, please read the Help. It explains in detail how this page works. To use all features of this page, you should consider registering. Please use the registration form, to register here or read more information about the registration process. If you are already registered, please login here.

1

Wednesday, June 6th 2018, 11:24pm

Show panoramas only on permitted sites

Hi. I've tried to search for an answer to this but not sure if I've found the right one.

All my panos are hosted on mydomain.com. I give my clients access to their panos via an iframe so they can embed on their own websites (clientdomain.com). Is there a way to limit the display of the panos to only mydomain.com and clientdomain.com? At present it's very easy for my clients to just share the iframe code I give them to other 3rd parties that have not licensed the panos.

Will using the "Limit Domains" function in the Protect Tool solve this for me even when using iFrames?

Thanks for any help
Thomas

2

Friday, October 12th 2018, 5:45pm

When content is displayed through iframe, krpano will only get the domain name from the src attribute of the iframe, which will be your domain.
You should disable iframing of your site content through 'X-Frame-Options' header of apache web server. You should be able to white list the domains that you want allow iframes on through that header.
Or, you can try using javascript to verify domain name before allowing your tour to be displayed in iframe. Something like this:

Quoted

if (self === top) {
show_tour();
}
else {
if (top.location.hostName === 'your-client-domain.com') {
show_tour();
}
else {
do_not_show_tour();
}

}