
If there was a bug that let websites read from unrelated iframes then they could just open the iframes themselves.


X-Frame-Options and cookie access rules would help protect against that a layer beneath JavaScript. I get your point that ultimately any security breach can escalate to full-on compromise of all personal data. I still find it playing with fire to have completely unrelated sites having my name inside an iframe.



