Hacker News new | ask | show | jobs
by cphoover 2681 days ago
How do you prevent Iframes from communicating their cookies to the parent window? Using window.postMessage?

Disable all cookies for iframes? That seems like it would break the internet.
1 comments
andrethegiant 2681 days ago
If you're the parent, you can use the `sandbox` attribute on the frame. If you're the child, you can use the `frame-ancestors` CSP directive.
link
cphoover 2681 days ago
"If you're the parent, you can use the `sandbox` attribute on the frame. If you're the child, you can use the `frame-ancestors` CSP directive."

... Yea but that requires the parent frame not to want the tracking to take place right? Why would they put the iframe in sandbox mode if they were trying to track their users?

link