Embedding of remote content

Hi all,

Hoping someone can point me in the right direction as I’ve exhausted all ideas at the moment!

Main website with users authenicating through Auth0’s Classic Login screen
Azure hosted web apps with access authenticated by Auth0.
Both of the above are working fine independently.

What I’m trying to do is display the content generated by the Azure Web Apps on a page on the main site, either in an iFrame or via an Ajax call into a DIV element. If the user is signed into main site via Auth0 already then the content needs to load automatically, otherwise prompt the user to sign into Auth0.

Both the main and Azure web apps are configured on the same root domain (Main site on the root, Azure on a subdomain), and we have a custom domain setup in Auth0 on another subdomain.

I’ve tried iFrames and AJAX calls and bumping into what I believe is Cross-Origin/clickjacking controls, which makes sense. I just can’t figure out how to resolve it, or even if it’s possible in our situation?

The application for the Azure content lists the root domain under Allowed Web Origins and I’ve tried enabling the Allow Cross-Origin Authentication and listing the root domain in the Allowed Origins (CORS) field but no joy.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://.eu.auth0.com/authorize?response_type=code&client_id=&redirect_uri=%2F.auth%2Flogin%2FAuth0%2Fcallback&nonce=*****&state=&scope=openid+profile+email. (Reason: CORS request did not succeed). Status code: (302).

Thanks in advance for any pointers :slight_smile: