You are viewing a single comment's thread from:

RE: Introducing SC2 Pay - A SteemConnect Add-On for Seamless STEEM/SBD Payments

in #utopian-io7 years ago

@fabien yes this was also pointed out by @jga below and I agree it is an issue...Do you have any thoughts of a different way to handle this? I would really, really like to be able to provide a way to make Steem/SBD payments without having the user leave the website to a new window or tab but in a way that is still secure and be verified.

Sort:  

I'd be super leery about using an iframe in general. I know there's some mucking around with CORS/Same Origin Policy to go through, but once that's done it's very easy for the parent page to do whatever it wants to the data found inside. The golden boy for submitting crypto payments right now is probably Metamask, which is either built into the browser or run as an extension for complete isolation.

I would go for a simple popup window, similar than what is used for service like Facebook login with apps see:
image.png

@fabien How would you get around the built-in popup blockers in most browsers with that method? Or would you just leave it up to the user to have to allow them?

If the user is truly into your application, I don't think enabling a popup window is a huge problem.

Perhaps you can give the user different options... like open in "iframe" or "popup"...