Simon Willison’s Weblog

16th July 2009 - Link Blog

Why an OAuth iframe is a Great Idea. Because users should a) learn to be phished and b) not even be given the option to avoid being phished if they know what they’re doing? No, no and thrice no. If you want to improve the experience, use a popup window so the user can still see the site they are signing in to in the background.

Posted 16th July 2009 at 8:29 pm

Recent articles

Running Python code in a sandbox with MicroPython and WASM - 6th June 2026
Claude Opus 4.8: "a modest but tangible improvement" - 28th May 2026
I think Anthropic and OpenAI have found product-market fit - 27th May 2026

This is a link post by Simon Willison, posted on 16th July 2009.

iframes 23 oauth 54 phishing 54 security 609

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe