On 04/02/2013 20:23, Dirkjan Ochtman wrote:
> Hi,
>
> After some procrastination and figuring some stuff out with their API,
> I'm finally getting to the part where I can actually look into how I
> can integrate Persona into Disqus (per David Ascher's request on this
> list from a while ago).
>
> It looks like their setup is such that I provide a URL to them, they
> then open a pop-up window where the login flow can happen, I close the
> window when the login is complete, and they reload the page.
>
> I guess I could open a Persona pop-up on top of the thing they pop up,
> but that seems ugly. Jared suggested on IRC that it might be possible
> to hack up some of the Persona login stuff such that it works in an
> iframe, so that I can effectively make the Disqus-invoked pop-up
> window pretend to be the Persona pop-up, except with a little bit of
> extra script.
>
> Would something like that be possible somehow? I'm guessing this might
> also be interesting in the context of the recent "pop-ups suck"
> feedback.
>
> Cheers,
>
> Dirkjan
> _______________________________________________
> dev-identity mailing list
>
dev-id...@lists.mozilla.org
>
https://lists.mozilla.org/listinfo/dev-identity
Hi Dirkjan,
We explicitly forbid Persona from being run inside of an IFRAME using
the x-frame-options header. We want users to be assured they are
visiting Persona and not a phishing site. Even though there is strong
evidence to suggests that users rarely look at the URL bar, we want this
basic level of assurance for those that do.
What is the goal of what you are trying to do, and what is the initial
flow that you are considering? We might be able to figure out another
way of solving this problem.
Shane