Block 3rd party websites from requesting content via iframes

Is there a reason that iframes are allowed to be used with certain URLs on the Roblox website? I was viewing one of the cookie-stealing scams the other day, and realized that it uses iframes with certain Roblox-related URLs (e.g. RequestGame) to grab the cookies from the client to begin with.

If iframes aren’t needed on Roblox/outside of Roblox, I believe blocking 3rd party websites from accessing Roblox-related URLs via iframes would be a good idea overall.

Thoughts?

21 Likes

Yeah - that RequestGame iframe thing is a huge issue.

2 Likes

Just wanted to bump this - thoughts from staff members?

The web team rarely replies to posts.

This will greatly reduce the amount of ‘Paste this code into the box below’ websites. Support.

cc @Seranok

I discussed this issue in an earlier thread, though it still hasn’t been addressed.

We added some additional restrictions to placelauncher and getgameauth over the summer to prevent these iframe or pop-up-window-based attacks. If you are still seeing phishing sites trying to do this, please send me a PM and I’ll take a look.

8 Likes
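
The standard browser-side way to do what this thread asks for is the `X-Frame-Options` response header and the CSP `frame-ancestors` directive. The sketch below is an added example, not part of the original thread and not Roblox's code: a simplified model of how a browser applies those headers to one direct embedder, useful for auditing captured response headers. The origins and header values are constructed, and `framingAllowed` and `sourceMatches` are hypothetical helper names.

```javascript
// Constructed sample origins (assumptions, not taken from the thread).
const SITE = "https://www.example.com";
const THIRD_PARTY = "https://third-party.example";

// Does one frame-ancestors source expression match the embedding origin?
// Handles 'self', *, exact origins and scheme://*.host; 'none' matches nothing.
function sourceMatches(source, pageOrigin, embedderOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return embedderOrigin === pageOrigin;
  if (s === "*") return true;
  const wildcard = s.match(/^(https?):\/\/\*\.(.+)$/);
  if (wildcard) {
    const e = new URL(embedderOrigin);
    return e.protocol === wildcard[1] + ":" && e.hostname.endsWith("." + wildcard[2]);
  }
  try { return new URL(s).origin === embedderOrigin; } catch { return false; }
}

// True if a page served with `headers` from pageOrigin may render inside a
// frame on embedderOrigin. Real browsers check every ancestor, not just one.
function framingAllowed(headers, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  let sawFrameAncestors = false;
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== "frame-ancestors") continue;
      sawFrameAncestors = true;
      if (!sources.some((s) => sourceMatches(s, pageOrigin, embedderOrigin))) return false;
    }
  }
  if (sawFrameAncestors) return true; // frame-ancestors overrides X-Frame-Options
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === pageOrigin;
  return true; // no recognised restriction (ALLOW-FROM is obsolete and ignored)
}

console.log(framingAllowed({}, SITE, THIRD_PARTY)); // unprotected endpoint
console.log(framingAllowed({ "X-Frame-Options": "SAMEORIGIN" }, SITE, THIRD_PARTY));
```

An endpoint that returns neither header is frameable from any site, which is the condition the original post describes.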