I have some legacy code that used to allow users to log into from other websites, but no longer works.
Here's how it worked. customerdomain.com embeds the following iframe:
<iframe src="https://webappdomain.com/c_login.php" style="width:380px;height:500px;border-radius:15px;margin:15px;" scrolling="no" frameborder="0"></iframe>
Inside the iframe there is a submit button that takes a username/password and passes it to a .php page to authenticate as follows. If the user authenticates at webappdomain.com, a cookie and php session is created and then a custom return code is sent back "200".
This is the jquery inside the iframe page "submit button":
jQuery.ajax({
type: "POST",
url: "../includes/login_process.php",
data:data,
success: function(returnValue)
{
if(returnValue == 200)
{
parent.location.href="https://webappdomain.com/administrator/index.php";
}else{
//dispalay msg
}
}
});
Once the user authentication is good, we then tell the customerdomain.com page to go over to webappdomain.com as follows: parent.location.href="https://webappdomain.com/administrator/index.php";
We now get an error during the execution of the javascript in the console that says "The operation is insecure."
This used to work, but some time ago it stopped...I'm guessing it has to do with some cross site scripting changes to browsers...but I don't know how to solve this...been trying for some time to read up, but getting no where. Any ideas on how to solve this?
