I have created one regular web app in auth0. I am calling /authenticate in my iframe url source so it can’t redirect to login page if user is not logged in browser but if user is logged in it properly redirect to my login callback url. I got below issue
Refused to display ‘Sign In with Auth0’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’”.
Turn this switch on (Disable clickjacking protection for Classic Universal Login) in the tenant settings → advanced:
Note it will only turn off the additional HTTP security headers for Classic Universal Login. If you use New Universal Login, the security headers are always ON.