在不同网域的不安全网页上安全iframe [英] Secure iframe on unsecure page in a different domain

问题描述

我们公司正在寻找允许第三方网站使用我们的在线结帐系统。

客户表示他们希望能使用灯箱样式弹出以显示检出。他们希望这可以在网站的每一页，因此大多是不安全的网页。我们的结帐系统和客户端网站显然位于不同的域中。

我猜我可以使用安全的iframe（使用https）来显示我们的结帐系统。 / p>

这个iframe是否安全？

这是一个明智的事吗？ （我的内心说不，因为用户如何告诉页面是安全的）

有什么更好的方法来实现这个功能吗？

解决方案

你看过其他类似的结账系统是如何工作的吗？例如在ebay的paypal结帐？当交易完成后，它们会将您的结帐过程全屏并返回到原始网站。

Our company is looking into allowing third party sites to use our online checkout system.

A client has stated that they would like to be able to use a lightbox style popup to display the checkout. And they would like this to be available on every page of the site, therefore mostly unsecure pages. Our checkout system and the client site are obviously on different domains.

I'm guessing that I could use a secure iframe (using https) to display our checkout system.

Would this iframe actually be secure?

Is the a sensible thing to do? (my gut says no, as how can the user tell the page is secure)

Are there any better ways to achieve this same functionality?

解决方案

Have you seen how other similar checkout systems work? For example the paypal checkout on ebay? They take you trough the checkout process "full screen" and back to the original site when the transaction is complete.

这篇关于在不同网域的不安全网页上安全iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！