Loading a logged in page in an iframe

Question

Suppose www.youtube.com have no X-Frame-Options set.

Imagine I'm already logged in to YouTube. Now from another web page in the same browser I'm loading YouTube in an iframe, will the browser send all the auth-cookies to the YouTube loaded in the iframe so that it will be loaded as logged in?

How about making a simple webpage with YouTube in an iframe and see what happens? — multithr3at3d, Mar 28 '18 at 19:12

score 1 · Answer 1 · answered Mar 27 '18 at 12:19

1

By default, yes, though the sandbox parameter in the iframe tag can change this behavior.

answered Mar 27 '18 at 12:19

David

15,814
3
48
73

Loading a logged in page in an iframe

1 Answers1