www.geni.com refused to connect

Om my improveyourtree.com web site I'm showing geni profile pages in an iframe for analysing it's contents, while showing my info about what problem's was found above.

It used to work beautifully, but the last week, I'm just getting a sad face saying www.geni.com refused to connect instead. Has anything changed lately?

Hi Kenneth,

Unfortunately we've had to disable remote iframe rendering of Geni pages for security reasons. The risk is that a malicious site could overlay a transparent div that can be used to mimic our login form and capture the unwitting user's email and password (clickjacking).

I'm open to ideas for making this work, but not at the risk of our users' security.

Mike

I get the same message when trying to run SmartCopy. This is a disaster for my work mode.
Can't you limit the no-frame directive to the screens and popups that deal with login?

Just limiting the no-frame directives to login screens seems like a good idea to me.

Are there any other thing I could try on my side? Any other type of frame that are safer and thus allowed for example?
The user experience of improving profiles from my site got significantly worse after this change.

User safety is most important so I won't argue with the reason for the change.

Mike Stangel

Would using 2-factor authorization work? (see https://www.geni.com/discussions/145968?msg=1398097)

Something changed since yesterday; after having SmartCopy get a new 'token' (after doing an app 'logout' & 'login') it is now working on Firefox (which was giving the iframe rejection yesterday).

The change that's being talked about above doesn't seem to affect my app. I still have the same problem.

So, how do you use this project at all? This is the error I get when using the extension, and I don't know how to use it any other way? Does this project not work at all, or is there a different way to use smart copy that isn't "click the extension and then use it"?