When does Auth0 send the following headers specifically?
X-Frame-Options: deny Content-Security-Policy: frame-ancestors ‘none’
We are putting one app (of same domain but different subdomain) in an iframe. The iframed app will not have a login prompt but we expect it to be able to get tokens from the parent page’s authentication. Will this be feasible? We are using New Universal Login
Have looked at - Clickjacking Protection for Universal Login Change
and am wondering if this will be an issue.