Simon Willison’s Weblog

16th July 2009 - Link Blog

Why an OAuth iframe is a Great Idea. Because users should a) learn to be phished and b) not even be given the option to avoid being phished if they know what they’re doing? No, no and thrice no. If you want to improve the experience, use a popup window so the user can still see the site they are signing in to in the background.

Posted 16th July 2009 at 8:29 pm

Recent articles

DeepSeek V4 - almost on the frontier, a fraction of the price - 24th April 2026
Extract PDF text in your browser with LiteParse for the web - 23rd April 2026
A pelican for GPT-5.5 via the semi-official Codex backdoor API - 23rd April 2026

This is a link post by Simon Willison, posted on 16th July 2009.

iframes 22 oauth 54 phishing 54 security 598

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe