Nathan

that is actually a bad solution to use HTTPAPI for displaying foreign sites
because any reference to any gif or jpg that isn't qualified to the site
must
also reside in your domain. The same goes for href's.

If your site is running HTTPS or any of the other sites you are also in
trouble.

On Wed, Mar 16, 2016 at 3:58 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

Mike,

Last I checked, "frame-busting hacks" like x-frames were not part of PCI.
You probably have good grounds for ignoring your latest "PCI scan", in that
regard.

iframes provide useful functionality. clickJacking is a problem with
malicious sites. Does anyone have cause to view your web applications as
being malicious?

However, if you really do want to provide content from multiple sites
without using iframes, the idea of using GETURI (or HTTPAPI) to retrieve
"content" from "foreign" sites and passing it through to your users seems
like the best alternative. It will require some redesign and rework of any
applications that currently use iframes.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.