I think there are many ways to ensure that Files gallery is loaded only inside an <iframe>
, using PHP or Javascript. Keep in mind, these methods could possibly be bypassed, so I wouldn't depend on them for security.
Here is a basic Javascript approach, which you could add to Files custom Javascript:
if(window.self === window.top) location = 'https://url-to-iframe-page-here/`;
There are many ways with PHP, for example something simple:
if(!isset($_GET['i']) || empty($_GET['i'])) header('location: https://url-to-iframe-page-here/');
Then in your page with iframe, load it like this <iframe src="/files/index.php?i=1">
...
There are more robust ways in PHP, like creating sessions or checking HTTP_REFERER, but I don't really see the point in complicating things if there are no additional benefits (I can't see any).
https://stackoverflow.com/questions/15712422/allow-a-page-to-only-load-in-an-iframe
https://stackoverflow.com/questions/6662542/check-if-site-is-inside-iframe