On my improveyourtree.com web site I'm showing Geni profile pages in an iframe for analysing their contents, while showing my info about what problems were found above.
It used to work beautifully, but for the last week, I'm just getting a sad face saying www.geni.com refused to connect instead. Has anything changed lately?
Hi Kenneth,
Unfortunately we've had to disable remote iframe rendering of Geni pages for security reasons. The risk is that a malicious site could overlay a transparent div that can be used to mimic our login form and capture the unwitting user's email and password (clickjacking).
I'm open to ideas for making this work, but not at the risk of our users' security.
Mike
Just limiting the no-frame directives to login screens seems like a good idea to me.
Is there any other thing I could try on my side? Any other type of frame that is safer and thus allowed, for example?
The user experience of improving profiles from my site got significantly worse after this change.
User safety is most important so I won't argue with the reason for the change.
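
Added example (not part of the thread and not Geni's code): a sketch of the per-page framing policy proposed above, where every response forbids framing by default and only an explicitly listed read-only route may be embedded by an allowlisted origin. The route pattern, the partner allowlist and the function names are assumptions made for illustration.

```javascript
// Assumed values: the partner origin and the read-only profile route are hypothetical.
const TRUSTED_FRAME_PARENTS = ['https://improveyourtree.com'];
const FRAMEABLE_ROUTES = [/^\/people\/[A-Za-z0-9-]+\/\d+$/];

// Canonicalise the request target so the policy is chosen for the path the
// router will actually serve. Returns null when it cannot be trusted.
function normalizePath(rawUrl) {
  if (typeof rawUrl !== 'string' || !rawUrl.startsWith('/') || rawUrl.startsWith('//')) {
    return null; // not an origin-form request target
  }
  try {
    // URL parsing drops the query string and resolves "." and ".." segments.
    let path = new URL(rawUrl, 'https://placeholder.invalid').pathname;
    path = decodeURIComponent(path).replace(/\/{2,}/g, '/');
    return path.length > 1 ? path.replace(/\/+$/, '') : path;
  } catch {
    return null; // malformed percent-encoding and similar
  }
}

// Default deny: login, account and edit pages never match FRAMEABLE_ROUTES,
// so they always get the strict headers, as does anything unrecognised.
function frameHeaders(rawUrl) {
  const path = normalizePath(rawUrl);
  const frameable = path !== null && FRAMEABLE_ROUTES.some((re) => re.test(path));
  if (!frameable) {
    return {
      'Content-Security-Policy': "frame-ancestors 'none'",
      'X-Frame-Options': 'DENY',
    };
  }
  // X-Frame-Options cannot express a multi-origin allowlist, so only the
  // CSP frame-ancestors directive is sent for frameable pages.
  return {
    'Content-Security-Policy': `frame-ancestors 'self' ${TRUSTED_FRAME_PARENTS.join(' ')}`,
  };
}
```
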