If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

X-Frame-Options DENY prevents the display of user and contribution pages in iframes



addons.mozilla.org Graveyard
Public Pages
7 years ago
2 years ago


(Reporter: mkaply, Unassigned)





7 years ago
This will probably be marked as WONTFIX, but I at least wanted to get it out there.

I'd like to show a contribution page as part of my firstrun process in my addon.

Previously I embedded the contribution page in an iframe and did a popup saying "welcome to my addon, here's the info you need to know" and then when that popup was dismissed, the user would see the contributions page underneath. (I can't do a popup from my addon, because AMO forbids dialog popups at first run)

Because of this change, my choices are to either show just the contributions page as my first run, or to do multiple tabs (one for my addon, one for my contributions)

It would be nice if the contributions pages were allowed to be embedded in iframes.
I'd be fine with the ability to embed an info page or something, but the contribution page sounds like a recipe for stealing paypal passwords (think: float an invisible <div> over the iframe, user clicks, popup a convincing looking paypal login thing, etc.)

If there is more I can send to you via the API that you can make into what you want, let me know.  Or maybe we can add more options to that "meet the developer" page?  Fligtar might have ideas for that already.

Anyway, I'm happy to help, but you're right about the embeding here, -> wontfix. :-/
Last Resolved: 7 years ago
Resolution: --- → WONTFIX

Comment 2

7 years ago
I think what's probably needed is more user customization for those pages.

So I can have a place to put my firstrun page information on the same page. Separate bug.



2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.