I want to enable sameorigin on the classic universal login to enable an iframe configuration on the same domain. Our administrator tells me that the Clickjacking protection is deny all or allow all.
I want to only allow same domains to keep security measures but allow our own servers to use an iframe.
Our security team will not allow clickjacking protection to be turned off fully for all apps.
References I have come across:
I’d love to have input from @James.Morrison on the information in this post: Clickjacking Protection in Classic Universal Login!
In case there are any different ideas: we have a website for customers, and within that site we want to present external data, secured by Auth0. For a seamless customer experience we keep the customer in the same location and don’t confuse them with multiple sites/tabs.