Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Code Reviews Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Post History

75%
+4 −0
Q&A What are the risks of using iFrame as a temporary migration step for an internal web application?

Overview Our development team is currently trying to develop and migrate a Web application that is split in two: legacy: ASP.NET MVC 5, jQuery, old-style JS programming overall "next": Angular...

1 answer  ·  posted 3y ago by Alexei‭  ·  last activity 3y ago by meriton‭

Question angular html iframe asp.net-mvc cross-domain
#2: Post edited by user avatar Alexei‭ · 2021-05-18T14:05:53Z (over 3 years ago)
added more information
  • ### Overview
  • Our development team is currently trying to develop and migrate a Web application that is split in two:
  • - legacy: ASP.NET MVC 5, jQuery, old-style JS programming overall
  • - "next": Angular SPA + ASP.NET Core 5
  • Each application has its own domain, but they are accessible only internally (VPN, A/D authentication).
  • For entire new modules, it is simple as we develop them directly in the "next" version (the user has a unified UI).
  • However, a recent request deals with important changes done to a part of an entity that affects a tab within a bigger view. As we like to push the migration to the "next" version, we thought of rewriting the entire tab in the next application:
  • - use an iFrame that loads the "next" application
  • - the URL provides a query parameter that makes the "next" application to hide the header, navigation, footer and some margins
  • - iFrame is a temporary (several months - one year) solution until we have the time and budget to migrate the entire view
  • ### Research
  • iFrame seems to work with a few glitches (the content flickers a little bit when loaded), but I am wondering if we risk having big issues when using this. [Various](https://www.ostraining.com/blog/webdesign/against-using-iframes/) [articles](https://stackoverflow.com/questions/362730/are-iframes-considered-bad-practice) [do not seem](https://www.blackburnlabs.com/iframe-evil/) to favor iFrame usage. The downsides I have compiled:
  • - **security risk**. In our case, both applications are accessible internally only and both require A/D authentication (Windows and Azure A/D respectively).
  • - **usability issues**. Never been a focus for the application
  • - **SEO**. Again, internal application, so it does not matter
  • - **permalinks** - not required in our case
  • - **authentication** - in some cases the iFrame might require the authentication again, but this is a known side effect since the application is already split in two
  • - **communication** - communication between the iFrame content and the outer functionality is quite small (we just need to know when a save is ready to reload some information).
  • - **browser support** - we only target Google Chrome and the only limitation seems to be [not allowing downloads in iFrames](https://developers.google.com/web/updates/2020/04/chrome-83-deps-rems).
  • I cannot find any blocking issues, but most information I could find is rather old and maybe some new restrictions are in place / scheduled.
  • ### Overview
  • Our development team is currently trying to develop and migrate a Web application that is split in two:
  • - legacy: ASP.NET MVC 5, jQuery, old-style JS programming overall
  • - "next": Angular SPA + ASP.NET Core 5
  • Each application has its own domain, but they are accessible only internally (VPN, A/D authentication).
  • For entire new modules, it is simple as we develop them directly in the "next" version (the user has a unified UI).
  • However, a recent request deals with important changes done to a part of an entity that affects a tab within a bigger view. As we like to push the migration to the "next" version, we thought of rewriting the entire tab in the next application:
  • - use an iFrame that loads the "next" application
  • - the URL provides a query parameter that makes the "next" application to hide the header, navigation, footer and some margins
  • - iFrame is a temporary (several months - one year) solution until we have the time and budget to migrate the entire view
  • ### Research
  • iFrame seems to work with a few glitches (the content flickers a little bit when loaded), but I am wondering if we risk having big issues when using this. [Various](https://www.ostraining.com/blog/webdesign/against-using-iframes/) [articles](https://stackoverflow.com/questions/362730/are-iframes-considered-bad-practice) [do not seem](https://www.blackburnlabs.com/iframe-evil/) to favor iFrame usage. The downsides I have compiled:
  • - **security risk**. In our case, both applications are accessible internally only and both require A/D authentication (Windows and Azure A/D respectively).
  • - **usability issues**. Never been a focus for the application
  • - **SEO**. Again, internal application, so it does not matter
  • - **permalinks** - not required in our case
  • - **authentication** - in some cases the iFrame might require the authentication again, but this is a known side effect since the application is already split in two
  • - **communication** - communication between the iFrame content and the outer functionality is quite small (we just need to know when a save is ready to reload some information).
  • - **browser support** - we only target Google Chrome and the only limitation seems to be [not allowing downloads in iFrames](https://developers.google.com/web/updates/2020/04/chrome-83-deps-rems).
  • I cannot find any blocking issues, but most information I could find is rather old and maybe some new restrictions are in place / scheduled.
  • <hr>
  • After further testing authentication becomes an issue because Azure A/D msal library does not play nice when user must be unauthenticated. I have used a workaround to have the user authenticated before the view containing the iframe is loaded.[]()
#1: Initial revision by user avatar Alexei‭ · 2021-05-18T07:37:55Z (over 3 years ago) 
What are the risks of using iFrame as a temporary migration step for an internal web application?
### Overview

Our development team is currently trying to develop and migrate a Web application that is split in two:

- legacy: ASP.NET MVC 5, jQuery, old-style JS programming overall 
- "next": Angular SPA + ASP.NET Core 5

Each application has its own domain, but they are accessible only internally (VPN, A/D authentication).

For entire new modules, it is simple as we develop them directly in the "next" version (the user has a unified UI). 

However, a recent request deals with important changes done to a part of an entity that affects a tab within a bigger view. As we like to push the migration to the "next" version, we thought of rewriting the entire tab in the next application:

- use an iFrame that loads the "next" application
- the URL provides a query parameter that makes the "next" application to hide the header, navigation, footer and some margins 
- iFrame is a temporary (several months - one year) solution until we have the time and budget to migrate the entire view

### Research 

iFrame seems to work with a few glitches (the content flickers a little bit when loaded), but I am wondering if we risk having big issues when using this. [Various](https://www.ostraining.com/blog/webdesign/against-using-iframes/) [articles](https://stackoverflow.com/questions/362730/are-iframes-considered-bad-practice) [do not seem](https://www.blackburnlabs.com/iframe-evil/) to favor iFrame usage. The downsides I have compiled:

- **security risk**. In our case, both applications are accessible internally only and both require A/D authentication (Windows and Azure A/D respectively). 
- **usability issues**. Never been a focus for the application
- **SEO**. Again, internal application, so it does not matter
- **permalinks** - not required in our case
- **authentication** - in some cases the iFrame might require the authentication again, but this is a known side effect since the application is already split in two
- **communication** - communication between the iFrame content and the outer functionality is quite small (we just need to know when a save is ready to reload some information).
- **browser support** - we only target Google Chrome and the only limitation seems to be [not allowing downloads in iFrames](https://developers.google.com/web/updates/2020/04/chrome-83-deps-rems).

I cannot find any blocking issues, but most information I could find is rather old and maybe some new restrictions are in place / scheduled.
angular html iframe asp.net-mvc cross-domain