Prevent your Site from being used in an iframe

As a security measure, it is often a good idea to prevent your site from being loaded inside an iframe. This protects against click-jacking. It's well supported in most of today's web browsers, with support for: Chrome 4+, Firefox 1.9+, IE8+. This can be done by setting the HTTP header X-Frame-Options. In .htaccess: Header set X-Frame-Options DENY or in PHP: <?php header('X-Frame-Options: DENY'); If you try and load the site with this header present, within Firefox you … Continued


How to Force the Download of a File with HTTP Headers and PHP

It's quite a common scenario on the web to want to force a file to download, instead of allowing the browser to open it. This can apply to images, PDFs, HTML, anything a web browser can open (which is more and more these days). To accomplish this, we need to set some HTTP response headers: Content-Type: application/octet-stream and Content-Disposition: attachment; filename="test.txt". Within PHP we can do this with a function like: function forceDownload($filename, $type = "application/octet-stream") { header('Content-Type: '.$type.'; charset=utf-8'); header('Content-Disposition: … Continued


Enabling HTTP/2 Support on Apache2 and PHP

I've been a keen follower of the exciting changes to the HTTP specification over the past few years – with the release of the HTTP/2 standard in 2015 (after it evolved from the SPDY project). If you're unfamiliar with HTTP/2 there are some great videos available which outline exactly what it is and how it is different from HTTP/1.1 – which we've been so accustomed to over the years. In light of these changes and of the ever-increasing … Continued


Direct Upload to S3 (using AWS Signature v4 & PHP)

The contents of this article have been replaced by a PHP Composer package, hope you find it useful. View on GitHub. This article is specifically about directly uploading files to S3 using the AWS Signature Version 4, which is mandatory for new S3 regions, like Frankfurt (EU). It will also become required on other regions at some point as Amazon migrate over, so it's recommended to use this method wherever possible. For more info, you can read about … Continued




Direct Upload to S3 (with a little help from jQuery) [Updated]

The contents of this article have been replaced by a PHP Composer package, hope you find it useful. View on GitHub. Whilst working on a new web app recently, running on Heroku, we wanted users to be able to upload large files (I'm talking 50mb-150mb) onto our site. We started by having the standard HTML form post the data to our back-end code, which processed it, etc, etc. This was fine for small files, but large files would hit … Continued