by relaunched
2691 days ago
From what I can tell, CSPs and the right options can make iFrames much more secure; though after working in security for a little while, I'm hesitant to call anything "Secure". The right configuration can prevent your site from being embedded into other sites (mitigate clickjacking) and also whitelist what you can call inbound and outbound. All of these are very good things, especially when you consider how many 3rd party components are embedded into modern websites, especially through tags that, basically, allow for code injection as a feature. Practically speaking, for larger operations, especially if CSPs aren't implemented from day one, it can be highly disruptive to implement, if not done correctly with the will and prioritization of all stakeholders.
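
An added example, not part of the comment above or of any project's code: a small Node.js check that reads a Content-Security-Policy header value and reports whether it restricts framing (`frame-ancestors`) and the script, frame and connect sources. The sample policies and the `cdn.example` / `widgets.example` hosts are constructed for illustration.

```javascript
// Added example: audit a Content-Security-Policy header value for the
// controls discussed above. Sample policies are constructed.

// Parse "name v1 v2; name2 v3" into a Map of directive -> array of sources.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A source list is "open" if it contains a wildcard or a bare scheme.
function isOpen(sources) {
  return sources.some((s) => s === '*' || /^(https?|wss?):$/i.test(s));
}

function auditCsp(header) {
  const csp = parseCsp(header);
  const findings = [];
  // frame-ancestors does NOT fall back to default-src; it must be explicit.
  const ancestors = csp.get('frame-ancestors');
  if (!ancestors) findings.push('frame-ancestors missing: page can be framed by any site');
  else if (isOpen(ancestors)) findings.push('frame-ancestors allows any origin');
  // Fetch directives fall back to default-src when absent
  // (frame-src tries child-src first).
  for (const name of ['script-src', 'frame-src', 'connect-src']) {
    let sources = csp.get(name);
    if (!sources && name === 'frame-src') sources = csp.get('child-src');
    if (!sources) sources = csp.get('default-src');
    if (!sources) findings.push(`${name} unrestricted: no directive and no default-src`);
    else if (isOpen(sources)) findings.push(`${name} allows any origin`);
  }
  return findings;
}

const weak = "default-src *; script-src 'self' https:";
const strict = "default-src 'self'; script-src 'self' https://cdn.example; " +
  "frame-src https://widgets.example; frame-ancestors 'none'";
console.log(auditCsp(weak));
console.log(auditCsp(strict));
```

Running the same audit against a policy served as `Content-Security-Policy-Report-Only` lets a large site see what would break before the policy is enforced.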