between iframe and the react web application, they use web messaging between to give the authenticated session data. The origin of this data is not checked, this code is all inside the @auth0/react-spa, what can be done to mitigate this security risk? any information would be super helpful
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Auth0-spa-js must run on a secure origin | 8 | 22646 | March 17, 2021 | |
| Why does checkSession require explicitly Allowed Web Origin to be set? | 2 | 3075 | February 17, 2021 | |
| Hosting auth0-spa-js plugin -After hosting in apache Getting error (auth0-spa-js must run on a secure origin.) | 2 | 3951 | May 26, 2020 | |
| Open authorized web view in React Native | 2 | 3858 | December 14, 2021 | |
| The Complete Guide to React Authentication with Auth0 | 171 | 27981 | January 6, 2023 |