
Security concerns with an HTTPS iframe in an HTTPS page

Are there any security concerns when putting an HTTPS iframe in an HTTPS page? Or, security-wise, is it essentially the same as having a single HTTPS page?

(The iframe content is coming from a different domain if that makes a difference)

Ojen asked Apr 30 '26 02:04


1 Answer

There are no on-the-wire privacy implications associated with this compared with a normal HTTPS page, but bear in mind that you're doubling the number of servers and probably companies involved.

Browser exploits, popups and adware can all be served under HTTPS - and visiting an HTTPS site that isn't in your control can expose your users to privacy violations if the HTTPS URL reveals personal information about one of your users - for example if you serve https://www.example.com/redir.php?url= + CURRENT_URL and you've logged in a user using a GET postback with the username and password in the URL, you could be exposing this to third-party sites.

Other than that, there are no issues associated with embedding third-party HTTPS sites into your own HTTPS pages.

SecurityMatt answered May 02 '26 15:05
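
The URL leak described in the answer above, as an added example that is not part of the original answer: leakyEmbedUrl reproduces the redir.php?url= + CURRENT_URL pattern, safeEmbedUrl forwards only the origin, path and allowlisted parameters, and leakedParams audits an embed URL for sensitive-looking names. The sample page URL, the function names and the sensitive-name list are assumptions made for illustration.

```javascript
// Added example; all function names here are hypothetical, not from the answer.
// Constructed sample: a page URL after a GET login that put credentials in the query.
const SAMPLE_PAGE_URL =
  "https://shop.example.org/account?username=alice&password=hunter2&lang=en#orders";
const THIRD_PARTY = "https://www.example.com/redir.php"; // URL used in the answer

// Parameter names treated as sensitive when auditing (assumed list; extend per app).
const SENSITIVE_NAMES = /^(user(name)?|pass(word)?|pwd|token|session(id)?|email)$/i;

// The pattern the answer warns about: the full current URL goes to the third party.
function leakyEmbedUrl(currentUrl) {
  return THIRD_PARTY + "?url=" + encodeURIComponent(currentUrl);
}

// Hardened form: forward only origin + path, plus query parameters on an explicit
// allowlist. Userinfo, fragment and every other parameter are dropped.
function safeEmbedUrl(currentUrl, allowedParams = []) {
  const cur = new URL(currentUrl);
  if (cur.protocol !== "https:") throw new Error("expected an https page URL");
  // Concatenate rather than resolve, so a path starting with "//" cannot change the host.
  const clean = new URL(cur.origin + cur.pathname);
  for (const name of allowedParams) {
    for (const value of cur.searchParams.getAll(name)) {
      clean.searchParams.append(name, value);
    }
  }
  const out = new URL(THIRD_PARTY);
  out.searchParams.set("url", clean.toString());
  return out.toString();
}

// Audit helper: sensitive-looking parameter names an embed URL would disclose,
// either directly or inside a nested URL-valued parameter (up to two levels deep).
function leakedParams(embedUrl, depth = 0) {
  let parsed;
  try { parsed = new URL(embedUrl); } catch { return []; } // value is not a URL
  const found = new Set();
  for (const [name, value] of parsed.searchParams) {
    if (SENSITIVE_NAMES.test(name)) found.add(name);
    if (depth < 2) leakedParams(value, depth + 1).forEach((n) => found.add(n));
  }
  return [...found].sort();
}

console.log(leakedParams(leakyEmbedUrl(SAMPLE_PAGE_URL)));          // audit the leaky form
console.log(leakedParams(safeEmbedUrl(SAMPLE_PAGE_URL, ["lang"]))); // audit the hardened form
```
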


