0

I wanted to test if Facebook allows this kind of authentication request:

  <iframe src="https://www.facebook.com/dialog/oauth?client_id=my_id&redirect_uri=my_uri&scope=email,publish_stream&type=web_server"></iframe>

It worked for me.
Why does it work? Should it work? What about click-jacking?
And when does Facebook block requests similar to this one?

funerr

1 Answer

0

Cross-domain iframes are officially secure elements; you can't really tamper with them.

You can float a hidden div over it to intercept clicks, but there's no way to pass it to or "make" a click happen inside the iframe.

Kevin
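
Whether a browser renders a cross-origin page inside an iframe at all is decided by the framed response's `X-Frame-Options` and CSP `frame-ancestors` headers. The following is an added example, not part of the question or the answer, that evaluates those headers for a directly embedded frame; the function names, origins and header values are constructed for illustration, and source matching is simplified.

```javascript
// Added example: would a browser render this response inside an iframe that
// a top-level page at parentOrigin embeds directly?
// Assumptions: one level of nesting, header names lower-cased, one CSP policy,
// origins passed as normalized strings such as "https://app.example".

// Simplified CSP source matching: "*", scheme-only, host, "*.host", optional port.
function matchesSource(source, origin) {
  if (source === '*') return true;
  const o = new URL(origin);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return o.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && o.protocol !== scheme.toLowerCase() + ':') return false;
  const defaultPort = o.protocol === 'https:' ? '443' : '80';
  if (port !== '*' && (o.port || defaultPort) !== (port || defaultPort)) return false;
  const h = host.toLowerCase();
  return wildcard ? o.hostname.endsWith('.' + h) : o.hostname === h;
}

function framingAllowed(headers, parentOrigin, frameOrigin) {
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const ok = directive.slice(1).some(src => {
      const s = src.toLowerCase();
      if (s === "'none'") return false;
      if (s === "'self'") return parentOrigin === frameOrigin;
      return matchesSource(src, parentOrigin);
    });
    return { allowed: ok, by: 'csp' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, by: 'xfo' };
  if (xfo === 'SAMEORIGIN') return { allowed: parentOrigin === frameOrigin, by: 'xfo' };
  // ALLOW-FROM is obsolete and ignored by current browsers, as are unknown values.
  return { allowed: true, by: 'none' };
}

// Constructed sample: a login dialog that sends both headers.
const sample = { 'x-frame-options': 'DENY',
                 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" };
console.log(framingAllowed(sample, 'https://other.example', 'https://idp.example'));
```

A response that sends neither header comes back as `{ allowed: true, by: 'none' }`, which is the case in which a sensitive dialog can be embedded by any site.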