Can't use 2FA login in an iframe

We are using an iframe to allow the user to re-authenticate without leaving our SPA, which worked well with the old authorisation page, but the 2FA shows blank with the following error:

Refused to display 'https://[our-domain].eu.auth0.com/u/login?state=g6Fo2SBrUlE0bzNCSFZDZWpHRDhvSW9xZndnNENlVlB5TGhkeKN0aWTZIFRQOTJsNlJCQWRoSkVCV3BKcS1sYlpJcHJTMnptRk5yo2NpZNkgcjdWVm8zNHdiakxDZTQ1bDJacFA5Y0lyQURMazNkZ0I' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Is there any way round this?

I guess below is the answer?


Thanks a lot for sharing that with the rest of the community @jerry.job!

Hi @konrad.sopala and @jerry.job - I’m confused…

…the “solution” above is a link back to this very post - so no solution!

Do you have any perspective on that?


What is the answer? How can the policy be modified in Auth0?