-1

I want to use Google docs in my django site by embedding it with iframe tag Or the link provided by Google for embedding. Is there any security threat by using this method of embedding.

Aman Deep Namdev
  • 1
  • 1
    Hello, check this [link](https://stackoverflow.com/questions/7289139/why-are-iframes-considered-dangerous-and-a-security-risk) as it explains the dangers of an iframe – Daniela C. Montenegro Jul 01 '20 at 13:09
  • How can I remove that issues. @Clijsters – Aman Deep Namdev Jul 01 '20 at 14:23
  • I am not sure. Maybe get some books about Web development. EDIT: Please excuse my harsh words, but StackOverflow isn't the right place for that kind of questions. Take a look at ["What topics can I ask about here?"](http://stackoverflow.com/help/on-topic) and ["What types of questions should I avoid asking?"](http://stackoverflow.com/help/dont-ask). And more importantly, please read [the Stack Overflow question checklist](http://meta.stackexchange.com/q/156810/204922). – Clijsters Jul 01 '20 at 14:26

1 Answers1

0

It really depends what are you putting in IFRAME or if someone is putting your site in their IFRAME. if the foreign site is a "normal" site - no worries, but if you allow to anyone to put your site in IFRAME you can become part of unwanted site.

I personally use IFRAMEs only from my own other sites, where it can't be done differently or from extremely trusted sites (like Youtube). Also I prevent everyone to put my site in IFRAME.

There are tons of posts around, so I would recommend to take a look at the Google.

Branko Radojevic
  • 660
  • 1
  • 5
  • 14
  • How can I prevent anyone to embed my site? Can google docs be a better option to embed in my site securely? – Aman Deep Namdev Jul 01 '20 at 13:59
  • If you use Django 3, and you have default settings.py where this middleware is enabled: django.middleware.clickjacking.XFrameOptionsMiddleware than you are safe, since this middleware is preventing use of your site on other sites by setting X-Frame-Options header to DENY. Modern browser do honor this setting and wont embed your site anywhere. – Branko Radojevic Jul 01 '20 at 17:43