Difference between revisions of "Cross-Origin iFrame"

From MgmtWiki
Jump to: navigation, search
(Context)
(Context)
Line 5: Line 5:
 
* Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
 
* Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
 
* [[Identity]] features like [[OpenID Connect]] and [[WebAuthn 2]] depends on the [[Cross-Origin iFrame]] for a seamless [[User Experience]] when identity is provided by a different web site than the [[Relying Party]].
 
* [[Identity]] features like [[OpenID Connect]] and [[WebAuthn 2]] depends on the [[Cross-Origin iFrame]] for a seamless [[User Experience]] when identity is provided by a different web site than the [[Relying Party]].
* Early one security was addressed If they’re not from the same domain, the parent HTML document and the iframe don’t have access to each other’s CSS styles, DOM or JavaScript functions, cookies, or local storage.
+
* Early on security was addressed If they’re not from the same domain, the parent HTML document and the iframe don’t have access to each other’s CSS styles, DOM or JavaScript functions, cookies, or local storage.
 +
 
 +
==Problems==
 +
 
 +
==Solutions==
  
 
==References==
 
==References==

Revision as of 09:36, 12 March 2021

Full Title or Meme

The Inline Frame, or iFrame was introduced to allow isolated web pages from unrelated entities to embed content seamlessly into a web page.

Context

  • Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
  • Identity features like OpenID Connect and WebAuthn 2 depends on the Cross-Origin iFrame for a seamless User Experience when identity is provided by a different web site than the Relying Party.
  • Early on security was addressed If they’re not from the same domain, the parent HTML document and the iframe don’t have access to each other’s CSS styles, DOM or JavaScript functions, cookies, or local storage.

Problems

Solutions

References