Conditionally Serving A Logo To A Remote Site

I am attempting to create a code snippet for a specific group of people that have earned the right to put our seal on their website. The idea seemed simple enough at first until I

Solution 1:

I would not use javascript for that and definitely not require all these sites to include jquery.

If you are using php, the easiest thing is to serve an image from a php file. The image would look like:

<imgsrc="http://yoursite.com/image.php?request_id=XXXX">

and you make a php script that serves an image based on the request_id.

You would have to read an image from your server in php and serve it with a header("Content-type: image/jpeg") (in case of a jpeg...).

If you have an image in a variable, the output (for a jpeg...) would simply be something like:

header("Content-type: image/jpeg");
imagejpeg ($image);

Solution 2:

You would have a script on your side for the jpg that tests the HTTP_REFERRER property.

then the client would simply load:

<imgsrc="http://yourweb-site.com/logo.php?id=clientid"/>

http://www.electrictoolbox.com/php-http-referer-variable/

Solution 3:

as it is written in jQuery's docs

Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.

You can use URL like "http://img.example.com/logo?requesting_id=12345..." and simply put image as the output or create iframe...

Solution 4:

There are some serious security issues with allowing scripts to operate on objects that live on different domains. Instead of trying to resolve them on the client side, why not allow the user to place a static URL on their page and you evaluate on the server side whether or not the user is entitled? If they are, serve the file. If not, serve a transparent .gif so that their site does not appear to be broken. Either way you completely avoid any issue with cross-site scripting.