Google Not Reciprocating On IFrame Usage?

Posted by timothy on Sunday October 23, 2011 @07:49AM from the embedded-wars dept.

theodp writes "Over at the Google Web Search Community, posters are questioning why Google feels free to IFrame others' web pages, yet blocks attempts to IFrame pages on its own sites. 'Google has so much contradiction in what it wants for itself and what it does with other websites [e.g., Google frames Slashdot],' quipped one poster. 'Do no evil, right?' And over at the Google Maps Help Forum, developers are also begging for Google to allow them to IFrame entire pages again. 'I know there are other options (&embed etc.),' explains a poster, 'but then there is no sidebar which is useless. I really need the functionality like it was before.' Can any Googlers out there explain The Mystery of 'This content cannot be displayed in a frame'?"

3 of 115 comments (clear)

Min score:

Reason:

Sort:

XSRF by Anonymous Coward · 2011-10-23 07:59 · Score: 5, Informative

It's to prevent XF clickjacking, XSS and XSRF attacks. Please see recent web security papers. Many other major sites with valuable login credentials do the same thing.
Clickjacking by Anonymous Coward · 2011-10-23 08:00 · Score: 4, Informative

http://en.wikipedia.org/wiki/Clickjacking may be related.
Re:DRM for webpages by rivetgeek · 2011-10-23 08:21 · Score: 4, Informative

Any person who modded this up needs a refresher in basic application security. The ability to iframe in a page allows for attacks like clickjacking.