Login page not open in iframe

I have created a regular web app in Auth0. I am calling /authenticate in my iframe source URL, so it can’t redirect to the login page if the user is not logged in in the browser, but if the user is logged in it properly redirects to my login callback URL. I got the below issue:

Refused to display ‘https://nikks.auth0.com/login?state=g6Fo2SAtWlA5dUFpUW9lVXFkMVVlbTI5SUx4SExDOGVhMlFPNKN0aWTZIFhXYlBKcE41MFFsaWxONUhva1ZIeDBONUZYaWNON3BZo2NpZNkgNHQ4NGJUeTNhcFd3d3o1dXlKaWFrbTZBY2J5ejJ4dms&client=4t84bTy3apWwwz5uyJiakm6Acbyz2xvk&protocol=oauth2&response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Fincident%2F%3Ftoken%3DeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiand0IiwiZW1haWwiOiJuaWtoaWwuYmFndWxAYXVkZXRlbWkuY29tIiwidGlja2V0X2lkIjozMDksIm5hbWUiOiJhdWRlQHRlbWkxMiIsImF1ZGV0ZW1pX2RvbWFpbiI6Imh0dHBzOi8vZnJlc2hkZXNrLmF1ZGV0ZW1pLmNvbSIsImZyZXNoZGVza19kb21haW4iOiJodHRwczovL2F1ZGV0ZW1pLmZyZXNoZGVzay5jb20iLCJpYXQiOjE1NjA0MDY4ODYsImV4cCI6MTU2MDQxMDQ4Nn0.7rzkLrb3TWkb3Y6uO-rIr2CRRV2_gw9iIWk_kCXnW4Q&scope=profile%20email&audience=https%3A%2F%2Fnikks.auth0.com%2Fapi%2Fv2%2F’ in a frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’”.

How can I resolve this issue?


I am also encountering the same issue and would like to ask for suggestions on how to resolve it. Thanks


Turn this switch on (Disable clickjacking protection for Classic Universal Login) in the tenant settings -> advanced.

Note it will only turn off the additional HTTP security headers for Classic Universal Login. If you use New Universal Login, the security headers are always ON.
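
Added example (not part of the original thread and not Auth0 code): a simplified JavaScript model of how a browser decides whether a response may be framed, useful for checking what the login page's headers mean before and after changing the tenant setting. `sourceMatches` and `framingDecision` are hypothetical names, and the header sets are constructed apart from the `frame-ancestors 'none'` value and the origins shown in the error above.

```javascript
// Added example: simplified model of the browser's framing check.
// Simplifications: only the direct parent is checked (browsers check every
// ancestor) and a host-source without a scheme accepts any scheme.
function sourceMatches(source, ancestor, resource) {
  const a = new URL(ancestor);
  if (source === "'self'") return a.origin === new URL(resource).origin;
  if (source.startsWith("'")) return false; // 'none' and unknown keywords
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return a.protocol === source.toLowerCase();
  // host-source: [scheme://]host[:port]; host may start with "*."
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && a.protocol !== scheme.toLowerCase() + ":") return false;
  const hostOk = wildcard
    ? a.hostname.endsWith("." + host.toLowerCase())
    : a.hostname === host.toLowerCase();
  const defaultPort = a.protocol === "https:" ? "443" : "80";
  return hostOk && (port === "*" || (a.port || defaultPort) === (port || defaultPort));
}

function framingDecision(headers, ancestor, resource) {
  let sawFrameAncestors = false;
  for (const policy of (headers["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== "frame-ancestors") continue;
      sawFrameAncestors = true;
      if (!sources.some((s) => sourceMatches(s, ancestor, resource)))
        return { allowed: false, by: "csp: " + directive.trim() };
    }
  }
  // A frame-ancestors directive makes the browser ignore X-Frame-Options.
  if (sawFrameAncestors) return { allowed: true, by: "csp" };
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, by: "x-frame-options: DENY" };
  if (xfo === "SAMEORIGIN" && new URL(ancestor).origin !== new URL(resource).origin)
    return { allowed: false, by: "x-frame-options: SAMEORIGIN" };
  return { allowed: true, by: "no framing restriction" };
}

// Origins taken from the error in the question; header sets are constructed.
const embedder = "http://127.0.0.1:8000", login = "https://nikks.auth0.com/login";
const protectedPage = { "content-security-policy": "frame-ancestors 'none'", "x-frame-options": "deny" };
console.log(framingDecision(protectedPage, embedder, login)); // blocked by the CSP directive
console.log(framingDecision({}, embedder, login)); // no headers: any site may frame the page
```

With no framing headers at all, the page can be embedded by any origin, which is the state the clickjacking protection exists to prevent.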


Let us know @kerwintang if that works for you!
