July 15, 2016

Preventing the access of LSVT through a Frame

Starting August 1, 2016…
We will be enforcing a restriction where by LSVT is not accessible via a frame set of any kind. This will apply when using either an iframe or 100% frame in a frame set.

If a user ends up gaining access to LSVT through a frame of any kind, we will “break” it out of the frame and load the application in the parent window, as it is intended. The end user won’t have to do anything, and they won’t be inconvenienced with a message of any kind, it will just “happen” and they will be able to proceed as intended.

Why are we doing this?

The first and foremost reason is that it highly resembles a malicious technique called ‘clickjacking‘. Search engines can recognize this and even flag your domain as having malicious content. Even though you are attempting to do nothing malicious, their programs can’t tell the difference.

Additionally, security protocols have been put in place to ensure that we keep your information and your content safe. By utilizing frames from other origins, these cross domain safeguards interfere with the user’s ability to access content as intended and they might start getting errors and/or odd behaviors.