X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

false security warning on login forms within an iframe

Kuphostiwe

I have a login form which uses an iframe to insulate the password from the rest of the app.

All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message.

Why is this?

The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords).

Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?

I have a login form which uses an iframe to insulate the password from the rest of the app. All content both in the parent window and the iframe is loaded over https, however I'm still getting the "This content is not secure..." message. Why is this? The iframe is loaded with `sandbox="allow-forms allow-scripts"` eg. without Same-Origin (This is to prevent code running in the parent window introspecting the login form to find passwords). Could this be the cause of the problem? If so, is it intentional, could it be documented or fixed?
Isicaphuno

Eminye Imininingwane Yohlelo

Fakela amapulagi

none

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36

Eminye Imininingwane

Umnikazi wombuzo

For some reason my attached screenshot didn't come through the first time, see attached.

URL is https://events.handsupfoundation.org/login/

For some reason my attached screenshot didn't come through the first time, see attached. URL is https://events.handsupfoundation.org/login/
Ingabe lokhu kube usizo kuwena?
Isicaphuno
Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.