Between the iframe and the React web application, they use web messaging to give the authenticated session data. The origin of this data is not checked. This code is all inside @auth0/react-spa. What can be done to mitigate this security risk? Any information would be super helpful.
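
For readers with the same question, these are the checks a `message` listener can make before trusting data posted from an iframe. This is an added example, not part of the original post and not code from the Auth0 SDK; the message shape, the function and option names, and the example.com origins are assumptions.

```javascript
// Added example. Message shape ({type, response: {state, ...}}) is assumed.

function normalizeOrigin(url) {
  // URL.origin is scheme://host[:port], with default ports dropped.
  return new URL(url).origin;
}

function createAuthMessageHandler({ issuerUrl, iframeWindow, expectedState, onResult }) {
  const trustedOrigin = normalizeOrigin(issuerUrl);

  return function handleMessage(event) {
    // 1. Exact origin comparison; never startsWith/includes/regex matching.
    if (event.origin !== trustedOrigin) return 'rejected:origin';
    // 2. The sender must be the iframe this page created, not another window.
    if (event.source !== iframeWindow) return 'rejected:source';
    // 3. Only the expected message type and shape are processed.
    const data = event.data;
    if (!data || typeof data !== 'object' || data.type !== 'authorization_response') {
      return 'rejected:type';
    }
    const response = data.response;
    if (!response || typeof response !== 'object') return 'rejected:shape';
    // 4. Bind the reply to the request this page sent (per-request state value).
    if (typeof response.state !== 'string' || response.state !== expectedState) {
      return 'rejected:state';
    }
    onResult(response);
    return 'accepted';
  };
}

// Browser wiring (not executed here):
//   const handler = createAuthMessageHandler({
//     issuerUrl: 'https://tenant.example.com/authorize',
//     iframeWindow: iframe.contentWindow,
//     expectedState: stateSentInRequest,
//     onResult: (r) => { /* exchange r.code */ },
//   });
//   window.addEventListener('message', handler);
```
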