tags:

views:

217

answers:

2
Q: 

Prevent Yahoo OpenID from redirecting the page

Hi, i want to host the yahoo open-id login in an iframe. However as soon as the yahoo page loads it executes the following javascript:

<script type="text/javascript">if(top == self)
{ document.write("") } else
{ top.location.href = "http://www.yahoo.com" }</script>

In other words, it redirects the whole page (not just the iframe). How can i prevent this redirect (all legal issues aside!)?

+1  A: 

I don't think that's how you're supposed to properly implement it and that code is there for a reason. Have you gone through http://developer.yahoo.com/openid/ ?

meder  2009-09-27 22:44:41
I know what i am supposed to do. I just want to do it differently.
usr  2009-09-27 22:46:15
Perhaps there's a reason you're required to do it a certain way?
phoebus  2009-09-27 22:52:00
Honestly... you should not want to and cannot alter the code in an external domain that's hosted in your iframe.
meder  2009-09-27 22:55:34
I just want the openid to be displayed inside of an iframe for the users convenience. I am not some kind of fraudster...
usr  2009-09-27 23:02:17
Why can't you do it the official and supported way?
meder  2009-09-27 23:05:18
Because it is not as convenient for the users. Would [i]you[/i] want a popup?
usr  2009-09-27 23:42:20
Oh i am so used to doing bbcode...
usr  2009-09-27 23:42:56
+5  A: 

Yahoo are absolutely right to stop you doing this; all OpenID providers should.

Putting OpenID in a frame means no visible address bar means no guarantee that the OpenID login form is actually coming from Yahoo; in fact, it looks like it's coming from your site. A user trying to avoid being phished should never enter their password into such a form. The whole point of OpenID is that it can guarantee your identity without making you give your password to every site you want to log in to.

So, no, you can't prevent it.

bobince  2009-09-28 01:33:04
I think you are right that providers should prevent this. Now changing perspective to me: I happen to want what they don't want. Just help me do it. Where is the harm?
usr  2009-09-28 09:15:16
It can't be done, and if it could be done it would be a security hole that Yahoo would have to fix. Or you want me to hack Yahoo's servers for you and change it? :-)
bobince  2009-09-28 09:49:22
If my search turns up empty i'll get back to your offer ;-)
usr  2009-09-28 10:24:22

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?