Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

false security warning on login forms within an iframe

  • 1 réponse
  • 1 a ce problème
  • 28 vues
  • Dernière réponse par samuelcolvin

samuelcolvin
samuelcolvin
more options

I have a login form which uses an iframe to insulate the password from the rest of the app.

All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message.

Why is this?

The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords).

Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?

I have a login form which uses an iframe to insulate the password from the rest of the app. All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message. Why is this? The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords). Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?

Toutes les réponses (1)

samuelcolvin
samuelcolvin Auteur de la question
more options

For some reason my attached screenshot didn't come through the first time, see attached.

URL is https://events.handsupfoundation.org/login/