Do 3D Secure and network banking sites use an X-Frame-Options header?

I am trying to embed 3D Secure and network banking pages in an iframe, and I have succeeded on several sites that I tested. But I suspect that ALL will open pages in an iframe.

What should I do if a bank has set X-Frame-Options to SAMEORIGIN or DENY?

I tried to find the technical specification, but could not find anything.
Is there a rule or rule of thumb (in any specification) that the authenticating bank should / should not use this header? How can I be sure that this will work for all banks?
Any clarifications would be of great help.

PS: I know that there are other ways to open authorization gateways. But still, I need clarity in this approach.

+10
1 answer

Usually you do not just open an iframe with a banking domain. Instead, you open the iframe from the domain of the external payment provider (Adyen, Braintree, etc.), and they, in turn, open the bank inside another iframe, so that only the payment providers' iframes are allowed to communicate with it.

Interestingly, these frames still typically use same-origin policies.

0
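
The question asks what happens when a bank sends `X-Frame-Options: SAMEORIGIN` or `DENY`, and the answer describes nested frames. As an added example (not part of the original post), this JavaScript sketch evaluates a response's framing headers against the whole chain of ancestor origins, following the browser rules as I understand them from the HTML Standard and CSP `frame-ancestors`; all host names and function names are constructed.

```javascript
// Added example (not from the original post). Hosts below are constructed.
// Simplifications: one CSP policy per response; ports and paths in host
// sources are ignored; scheme-less host sources match on host name only.
function matchesSource(expr, ancestor, selfOrigin) {
  const a = new URL(ancestor), e = expr.toLowerCase();
  if (e === "*") return a.protocol === "http:" || a.protocol === "https:";
  if (e === "'self'") return a.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return a.protocol === e; // e.g. "https:"
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::[0-9*]+)?(?:\/.*)?$/);
  if (!m) return false; // 'none' and anything unparseable match nothing
  if (m[1] && a.protocol !== m[1] + ":") return false;
  return m[2] ? a.hostname.endsWith("." + m[3]) : a.hostname === m[3];
}

// Returns the frame-ancestors source list, or null if the directive is absent.
function frameAncestorsOf(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// ancestors: origins of every frame above the framed page, parent first.
function canBeFramed(framedUrl, headers, ancestors) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const self = new URL(framedUrl).origin;
  const sources = frameAncestorsOf(h["content-security-policy"]);
  if (sources !== null) { // frame-ancestors wins; X-Frame-Options is ignored
    const ok = ancestors.every(a => sources.some(s => matchesSource(s, a, self)));
    return { allowed: ok, decidedBy: "frame-ancestors" };
  }
  const xfo = new Set((h["x-frame-options"] || "").split(",")
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const known = ["deny", "sameorigin", "allowall"].some(v => xfo.has(v));
  if (xfo.size > 1 && known) return { allowed: false, decidedBy: "x-frame-options (conflicting)" };
  if (xfo.has("deny")) return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo.has("sameorigin"))
    return { allowed: ancestors.every(a => new URL(a).origin === self), decidedBy: "x-frame-options" };
  // Unrecognised values, including the obsolete ALLOW-FROM, restrict nothing.
  return { allowed: true, decidedBy: "none" };
}

const BANK = "https://acs.bank.example/challenge"; // constructed
const PSP = "https://pay.psp.example", SHOP = "https://shop.example";
const nested = { "Content-Security-Policy": "frame-ancestors https://*.psp.example",
                 "X-Frame-Options": "DENY" };
console.log(canBeFramed(BANK, nested, [PSP]), canBeFramed(BANK, nested, [PSP, SHOP]));
```

The last line shows the nested case from the answer: the bank page can be framed by the provider alone, but not once the merchant page is also an ancestor, because every ancestor has to match.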

Source: https://habr.com/ru/post/1204615/

