Difference between revisions of "Cross-Origin iFrame"
From MgmtWiki
(→Context) |
(→Context) |
||
Line 4: | Line 4: | ||
==Context== | ==Context== | ||
* Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications. | * Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications. | ||
− | * Identity features like [[OpenID Connect]] and [[WebAuthn 2]] depends on the [[Cross-Origin iFrame]] for a seamless [[User Experience]] when identity is provided by a different web site than the [[Realying Party]]. | + | * [[Identity]] features like [[OpenID Connect]] and [[WebAuthn 2]] depends on the [[Cross-Origin iFrame]] for a seamless [[User Experience]] when identity is provided by a different web site than the [[Realying Party]]. |
==References== | ==References== |
Revision as of 09:32, 12 March 2021
Full Title or Meme
The Inline Frame, or iFrame was introduced to allow isolated web pages from unrelated entities to embed content seamlessly into a web page.
Context
- Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
- Identity features like OpenID Connect and WebAuthn 2 depends on the Cross-Origin iFrame for a seamless User Experience when identity is provided by a different web site than the Realying Party.
References
- Iframes as a Security Feature does actually acknowledge some of the security problems with iFrames.