Simon Willison’s Weblog

16th July 2009 - Link Blog

Why an OAuth iframe is a Great Idea. Because users should a) learn to be phished and b) not even be given the option to avoid being phished if they know what they’re doing? No, no and thrice no. If you want to improve the experience, use a popup window so the user can still see the site they are signing in to in the background.

Posted 16th July 2009 at 8:29 pm

Recent articles

Notes on the xAI/Anthropic data center deal - 7th May 2026
Live blog: Code w/ Claude 2026 - 6th May 2026
Vibe coding and agentic engineering are getting closer than I'd like - 6th May 2026

This is a link post by Simon Willison, posted on 16th July 2009.

iframes 22 oauth 54 phishing 54 security 602

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe