>This isn't a new thing, it's been possible for a number of years to integrate p... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		homakov on Dec 7, 2014 \| parent \| context \| favorite \| on: New Paypal gateway UI susceptible to spoofing >This isn't a new thing, it's been possible for a number of years to integrate paypal using an iframe. Yes, I know about classic integration options. But it's not about what was possible (any kind of phishing is always possible) it's about what Paypal suggests by default and what websites actually use. > Retrieving the url for a payment system usually requires making a server side call window.open('site.com/get-url-for-paypal-then-redirect')?

userbinator on Dec 7, 2014 | [–]

Or even just a regular link to site.com/get-url-for-paypal-then-redirect.

talldan on Dec 7, 2014 | [–]

that's a good option - hadn't considered that approach.

homakov on Dec 7, 2014 | [–]

Yeah, and it's very widely used in oauth. (Talking in separate threads is weird)

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact