In earlier years of the Atlas (then WebLink) web component pages, using "iFrames" on third-party sites was a common practice to display data dynamically from your database on your website. As web technology has changed, we've updated our standard web components to be delivered without the use of iFrames. However, some third party sites may still be using the iFrame technology to display Atlas web pages or widgets.
To prevent any customer websites from failing PCI Compliance scans, we are deprecating the use of iFrames on third-party websites to display Atlas web component pages or widgets. This requirement is a protection against "click-jacking," a website attack technique that tricks users with invisible or disguised webpage elements. We are making this change effective immediately. Remember - this method of displaying Atlas content on your site is not used much any more and likely your website will continue to function exactly as it always has. If you're not sure, skip down to the FAQs below!
If you are using an iFrame of an Atlas web page on your website, you have two options:
- You can simply remove the iFrame content itself from your site
- If you have a standard (albeit outdated) widget that you are using on your site such as an Event scroller or a New Member list, we may be able to provide your third party website service with alternate code to be able to display the content using modern scripts rather than an iFrame. You can contact the Help team to determine if this is an option for your iFramed content.
We apologize for any inconvenience this may cause. As the technology available to keep your website and your member's information safe evolves, we strive to hold our products to the latest standards, and we'll work with you to make sure this transition is as smooth as possible. If you have any questions, please don't hesitate to contact us.
What is an "iFrame?"
It is an HTML element that allows you to embed documents, videos, and interactive media within a page. By doing this, you are displaying a secondary webpage on your primary webpage and your main site becomes a "host" to display a completely different page.
Why can't we use them anymore?
While there isn't anything inherently wrong with the iframe technology itself, the danger comes in allowing a web page that is not on the same domain as the page the user navigated to, and to keep your website safe, any iFrames used must be from the exact same domain as the overall page you are viewing. Since Atlas pages are hosted on your Atlas subdomain, iFrames from that subdomain are not allowed on your primary (base) domain. Unfortunately allowing only specific domains to use iFrames is no longer supported as an option by most modern browsers, so blocking all iFrames is the safest option.
How do I know if my site uses an iFrame?
Remember that iFraming is an old technology that we haven't been utilizing whenever possible for several years - so chances are, you do not have any iFrames on your site. If you have embedded widgets from your Atlas database, they are likely using modern scripts that do not use iFrames and are NOT affected by this hange. However, to check if you do have iFrames in use, you can right-click on any of your website pages and choose View Source. Then run a search (Ctrl-F) for the keyword "iframe" - you'll see the URL of the iFramed content (if one exists), and you'll see your Atlas domain name listed there (usually that looks like https://web.mydomain.com or https://mydomain.wliinc12.com, and has the extension .aspx at the end of the page). If you search your source code for "iframe" and no results are returned - you're all clear! Nothing to do.
How can I update iFrames that remain on my website?
If you do find an iFrame that you need to remove or that has broken, please contact our Help team with the specific page and iFrame URL if possible. We are happy to evaluate the content of the iFrame and determine the best course of action, including swapping out the widget for a supported method of embedding or potentially linking out to a fully qualified Atlas web page instead. Some legacy/custom web pages may no longer be supported, but again we can evaluate that for you on a case-by-case basis.
When can I expect any iFrames on my site to stop working?
Because it is important to provide you with websites that are fully PCI compliant, we will be rolling out this deprecation as soon as possible. All customer sites will be blocked from loading Atlas iFrames by the end of August. If you find one and would like to remove it out sooner than that, we strongly encourage you to do so.
Please sign in to leave a comment.