Allowing app to be used in iFrames for custom domains

Allowing iFrames for custom domains

I am using the Classic universal login for a web app, and need to allow the app to be embedded in an iFrame for a certain client domain. This can normally be set with the CSP: frame-ancestors setting, but does not seem possible with Auth0. I am aware that this can be enabled for everyone by disabling click-jacking protection, but this would be a security risk for my app. I need it for just specified domains.

This has been asked previously here (New Universal Login Support for IFrames (Office Addin Authentication)) but I believe a comment was incorrectly marked as a solution.

Are there any plans for enabling this feature in future? I believe it would be helpful for other users.


Hey there @roshni1 !

Thank you for creating this feedback card. Make sure to upvote it so it can attract other community members attention. Once we have some communication to reveal on that front we’ll let you know here