Difference between revisions of "Cross-Origin iFrame"
|Line 8:||Line 8:|
Revision as of 10:41, 12 March 2021
Full Title or Meme
The Inline Frame, or iFrame was introduced to allow isolated web pages from unrelated entities to embed content seamlessly into a web page.
- Frames and Framesets were introduced early in browser history to enable refreshing only a portion of a web page to improve responsiveness of web pages in the days of low bandwidth data communications.
- Identity features like OpenID Connect and WebAuthn 2 depends on the Cross-Origin iFrame for a seamless User Experience when identity is provided by a different web site than the Relying Party.
- Submit forms
- Change the parent web page’s URL
- Run plug-ins
- Read cookies or local storage, even if it’s from the parent domain
- Open new tabs, new windows or pop-up windows
- Iframes as a Security Feature does actually acknowledge some of the security problems with iFrames.