Allow / limit embed to specified domains only?!


one thing very cool about vimeo as to control / ownership of one´s content contribution is the ability to define a list of domains allowed to embed ones content.

– I wonder, is something similar achievable within ReadyMag?

thanks for hints + feedback!

With Vimeo you’re creating the content that can be embedded into a website.

With ReadyMag you’re creating the container (website) that content from elsewhere can be embedded into.

So I don’t really understand what you’re trying to do.

It sounds like you want to be able to limit where your ReadyMag website is… embedded? How common is it for your website to be embedded somewhere else?

hey Paul,

while appreciating your reaction in principal, I have – over the years and the forums – become more than a bit skeptical of answers that – as first / main move – kind of question the use-case, or original motivation of the OP in general.

I think of technologies and services as something people use according to their contexts, cases, ideas… and I take every user first of all at face value,
so, … even if I have questions (which can come from very different directions; … including simply misunderstanding, not getting the whole thing, having different use contexts personally etc.), I – personally – always stay friendly and respectful (and I would hope there are forum / moderation principles here re. that)

– so, I accept that you might personally not understand all backgrounds / aspects of my question. Then, just ask kindly, and I will elaborate, explain.
But, frankly (as you come across very direct and robust) this kind of tonality actually doesn´t’ t really invite doing any of that…. so, I wonder – a bit – what the intrinsic motivation of your comment is… :thinking: is it helping? :thinking: :thinking: :thinking:

…, nevertheless, and maybe for other friendly readers (and the team):

  1. Readymag allows both: embedding external content; and embed the user produced content in other contexts (that is the whole point of the iframe-export, I would think)

  2. what I am trying to do is produce (partial) page content for other websites, … and embed it there …
    a) without the high barrier of using a password
    b) without that leaving my content exposed openly on the internets (via the readymag url that follows some custom scheme like readymag.user/123456789. – so, to be clear: for me a way to restrict and specify the contexts for embedding, would also come along with a way to de-publish my website also from the domain, or at least allow for more secure URLS there (– like vimeo allows).

  3. “How common is it for your website to be embedded somewhere else?” … one could start a research project on that. And I would be interested in the results. Somewhat. But regardless of the exact number: this is what my use case is. and my question :slight_smile: – and actually, in my world this is what forums are about (different from documentation, tutorials etc.)

(@paul :… I can accept that you might a) not be interested in it, b) regard it as fringe.
but please, in both cases: just move on, or skip this thread (which is not actually directed at you personally); or even better: try to be helpful. And kind. :blush:)

Sunny greetings!
– and I’d still appreciate some helpful (and friendly / respectful) beings chiming in with their ideas, and thoughts. :sunflower: :pray:

1 Like

Sounds to me that Paul was trying to understand your usecase to eventually jump into sharing ideas/workarounds.

Anyhow, best of luck! 🫱🏼‍🫲🏻

1 Like

Would be lovely, @Samus!

… though admittedly it sounded like he is adding in rather strong personal assumptions on his own, before the asking / understanding part (‘Readymag is not for embedding elsewhere’; ‘not a lot of people do it’)

But let’s see; maybe the pitfalls of casual / brash writing are to blame… ?!

And, thanks for the wishes!

1 Like

hey. I don´t see a very harsh tonality in @pauls answer here. Yeah its short and doesn´t have a welcoming “hello”, but I think he did not want to have a instructing voice here, just wanted to know about the “what for”.
And like him, I didn´t get your question in your first post. To answer in a holistic way its often good to know about the different aspects of your problem.
This is, now, thanks to your second post, answered.

But onto your question:
I think you could achieve this with a Conten-Security-Header. Never tested it, but have a look Here
Or here

1 Like

hey neueMeta,

appreciate your post on both levels.

as to Pauls initial reaction, I see this is open for different interpretations. I have stated my reading (on the background of some similar experiences), and it mainly comes from the tonality and the sound. which, as we say here in Germany, often ‘makes the music’. I am open for correction of course; but also think Paul himself is the only one who can really set this straight…

as to the substantial part: thx a lot!
– I gather this would need a code injection as part of the plan? … which would rule me out…! :-}
– but I do appreciate the pointer!

1 Like

Do you mean code is not accepted in your plan? All their current plans have that feature built-in. If you are on a grandfathered plan, you might have options to get code injection enabled.

thanks again, @Samus.

– yes, grandfathered ‘Creators’ plan…

afaik, all that is allowed there is iframe tag, and some embeddings…
what you point to, seems to be in the territory of real code injection…

Readymag help page says:
“Adding custom code” “is available on paid plans, excluding legacy plans (Creator and some custom plans).” –

also: I think in such a scenario I would still have to find a way to stop the generic display of any project under ones own Readymag-URL (which goes something like ‘’ and is autocreated in any event, it seems…)

but also think Paul himself is the only one who can really set this straight…

Of course, as the others here have said, I intended no ill-will in my initial reply, only seeking clarification.

Using iframes is fairly unusual practice in 2023, but the more I use ReadyMag, the more I find that its limitations mean hacky workarounds are a necessity.

thanks for clarifying, Paul.

I of course accept any position like that, re. iframes etc. everyone w/ larger exposition to using the net will have to form an opinion on that; and that opinion informs a lot of other follow up stances / takes on related subjects… etc.
so, I get that. and I totally see that one can see iframes as others see ‘antique’ / ‘byzantine’ RSS, for example,… (…or: used to see, until a recent turn of the tides on social media gardens… ;-D)

I still feel one could put a little appreciative / acknowledging care in any starting comment, esp, where it fills in on a thread started by another thinking (and opinionated) individual…

… but I take your word here, appreciate that; … and certainly rather would like to discuss content / topical matters from here on :wink:

thx, mate!

Gotcha! Nevertheless, I think it would be a good idea to check with their support; they might have specific options for you to ‘enhance the old plan’ or something similar. I’ve done this with other services and it generally pays off.

The /123456/ is the project number, it can be edited to something else but can’t share any insights on how to stop that from displaying :melting_face:

thanks again!

– yeah, I might give that a shot!
especially when the other question of Readymag-URL is solvable.

I tested out the question of Readymag-standard-URL. thing is: you can customize the URL; but the standard-number URL still remains in place! :frowning:
– that was my experience…

actually, I was hoping there is some staff in here too, as I thought this might be a way to combine community + staff knowledge to get things solved…

but thanks again!

hey again,

one solution woudl be to check via javascript, if your page is shown inside an iframe.
(add in the "before </ body> section)
After that you can decide what shall happen. For exmaple redirect to another page, or what ever comes to your mind.

   setTimeout(function() {
if(top.location != window.location) {
 //redirect to page if page is inside iframe
  location.href = "";

       }, 1000);  

This is a kind of warkaround. The cleaniest approach would be to host your webpage on your own server and change your .htaccess file inside your serverfolder to deny the iframeambedding or every site or allow some specific ones.

Here is a another detailed article on this topic:

thx again @neueMeta!

… I will keep this in my knowledge base!

still, I think this depends on two things as precondition:

  1. finding a way to insert js as part of my legacy ‘Creators’ plan
  2. find a way to ‘block’ the consistent default url ' to be openly accessible via the web…

thx again!