623888 - X-Frame-Options DENY prevents the display of user and contribution pages in iframes

Status: RESOLVED WONTFIX

(addons.mozilla.org Graveyard :: Public Pages, defect)

Description

[Mike Kaply [:mkaply]]

This will probably be marked as WONTFIX, but I at least wanted to get it out there.

I'd like to show a contribution page as part of my firstrun process in my addon.

Previously I embedded the contribution page in an iframe and did a popup saying "welcome to my addon, here's the info you need to know" and then when that popup was dismissed, the user would see the contributions page underneath. (I can't do a popup from my addon, because AMO forbids dialog popups at first run)

Because of this change, my choices are to either show just the contributions page as my first run, or to do multiple tabs (one for my addon, one for my contributions)

It would be nice if the contributions pages were allowed to be embedded in iframes.

Comment 1

[Wil Clouser [:clouserw]]

I'd be fine with the ability to embed an info page or something, but the contribution page sounds like a recipe for stealing paypal passwords (think: float an invisible <div> over the iframe, user clicks, popup a convincing looking paypal login thing, etc.)

If there is more I can send to you via the API that you can make into what you want, let me know.  Or maybe we can add more options to that "meet the developer" page?  Fligtar might have ideas for that already.

Anyway, I'm happy to help, but you're right about the embeding here, -> wontfix. :-/

Comment 2

[Mike Kaply [:mkaply]]

I think what's probably needed is more user customization for those pages.

So I can have a place to put my firstrun page information on the same page. Separate bug.

Thanks!