Between the iframe and the React web application, they use web messaging to give the authenticated session data. The origin of this data is not checked. This code is all inside the @auth0/react-spa. What can be done to mitigate this security risk? Any information would be super helpful.
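One way to validate incoming web messages in a handler you control, shown as an added example that is not part of the original post and not the Auth0 SDK's code. The message shape, the origin `https://tenant.example.com` and all function names are assumptions.

```javascript
// Added example (assumed names and message shape, not Auth0 SDK code).
// Decide whether a window "message" event may be trusted as an auth response.
function validateAuthMessage(event, expected) {
  // 1. Exact origin comparison: no substring, startsWith or wildcard matching.
  if (event.origin !== expected.origin) return { ok: false, reason: 'origin' };
  // 2. The sender must be the iframe window this page created.
  if (event.source !== expected.source) return { ok: false, reason: 'source' };
  // 3. Reject anything that is not the expected message structure.
  const data = event.data;
  if (!data || typeof data !== 'object' || data.type !== 'authorization_response' ||
      !data.response || typeof data.response !== 'object') {
    return { ok: false, reason: 'shape' };
  }
  // 4. The state must be the value generated for this specific request.
  if (typeof data.response.state !== 'string' || data.response.state !== expected.state) {
    return { ok: false, reason: 'state' };
  }
  return { ok: true, response: data.response };
}

// One-shot listener: ignores untrusted messages, detaches after the first valid one.
function listenForAuthResponse(target, expected, onResponse) {
  const handler = (event) => {
    const result = validateAuthMessage(event, expected);
    if (!result.ok) return; // other frames may post unrelated messages
    target.removeEventListener('message', handler);
    onResponse(result.response);
  };
  target.addEventListener('message', handler);
  return handler;
}

// Constructed sample events (not captured traffic) run through the validator.
function demo() {
  const iframeWindow = {}; // stands in for iframe.contentWindow
  const expected = { origin: 'https://tenant.example.com', source: iframeWindow, state: 'st-123' };
  const body = { type: 'authorization_response', response: { state: 'st-123', code: 'c-1' } };
  const events = [
    { origin: expected.origin, source: iframeWindow, data: body },
    { origin: 'https://tenant.example.com.other.test', source: iframeWindow, data: body },
    { origin: expected.origin, source: {}, data: body },
    { origin: expected.origin, source: iframeWindow, data: { type: 'authorization_response', response: { state: 'x' } } },
  ];
  return events.map((e) => { const r = validateAuthMessage(e, expected); return r.ok ? 'ok' : r.reason; });
}
```

In a browser, `target` is `window` and `expected.source` is the `contentWindow` of the iframe the page created; on the sending side, pass the exact parent origin as the `targetOrigin` argument of `postMessage` rather than `'*'`.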