[MacPorts] #62680: UI Redressing leads to perform unauthenticated Actions

MacPorts noreply at macports.org
Mon Apr 12 16:52:38 UTC 2021


#62680: UI Redressing leads to perform unauthenticated Actions
-------------------------+--------------------
  Reporter:  ImPRINCE99  |      Owner:  (none)
      Type:  defect      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  website     |    Version:
Resolution:              |   Keywords:
      Port:              |
-------------------------+--------------------

Comment (by ryandesign):

 I see that your attached video shows that you can embed the URL of this
 Trac ticket in an iframe, and your original xhtml attachment shows you can
 embed www.macports.org in an iframe.

 I'm still not entirely clear why embedding a web site in an iframe would
 be a problem. It's been a standard feature of web browsers for decades.

 Our Trac does indeed have forms but is of course a completely separate
 system from www.macports.org. Still, our Trac does not have a login form
 (GitHub handles login for us).

 We can certainly prevent our Trac and other web sites from being embedded
 in iframes using the methods you suggest. But if you think embedding a web
 site in an iframe is in general insecure and should never be allowed, then
 perhaps it would be more efficient for you to work with the major browser
 manufacturers to get them to disable this functionality, rather than have
 to speak with the developers of all web sites about it.

-- 
Ticket URL: <https://trac.macports.org/ticket/62680#comment:8>
MacPorts <https://www.macports.org/>
Ports system for macOS
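
The comment above mentions preventing a site from being embedded in iframes; the reporter's suggested methods are not quoted in this message. As an added example (not part of the ticket or of MacPorts' configuration), the following assumes they are the two standard response headers, `X-Frame-Options` and CSP `frame-ancestors`, and classifies who may frame a response given its headers. The function names and sample header sets are constructed.

```python
# Added example: classify a response's framing policy from its headers.
# Semantics follow CSP (frame-ancestors) and RFC 7034 (X-Frame-Options).

def csp_frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Return 'none', 'same-origin', 'allowlist' or 'anyone'."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing header counts; Content-Security-Policy-Report-Only
    # reports violations but does not block framing.
    sources = csp_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options
        # when the directive is present.
        if not sources or sources == ["'none'"]:
            return "none"
        if sources == ["'self'"]:
            return "same-origin"
        if "*" in sources:
            return "anyone"
        return "allowlist"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "none"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing, malformed, or ALLOW-FROM (obsolete and ignored by current
    # browsers): the page can be framed by any origin.
    return "anyone"


SAMPLES = {  # constructed header sets, not captured from any real site
    "no headers": {},
    "XFO only": {"X-Frame-Options": "SAMEORIGIN"},
    "obsolete ALLOW-FROM": {"X-Frame-Options": "ALLOW-FROM https://example.org"},
    "CSP overrides XFO": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
    "CSP none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:22} -> {framing_policy(hdrs)}")
```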

