I want to enable sameorigin on the classic universal login to enable an iframe configuration on the same domain. Our administrator tells me that the Clickjacking protection is deny all or allow all.
I want to only allow same domains to keep security measures but allow our own servers to use an iframe.
Our security team will not allow clickjacking protection to be turned off fully for all apps.
In case there are any different ideas: we have a website for customers, and within that site we want to present external data, secured by Auth0. For a seamless customer experience we keep the customer in the same location and don’t confuse them with multiple sites/tabs.
Good morning @James.Morrison, thank you for your response last week. I was wondering if you had any luck with further details, good or bad? If it is not possible to do then we need to find an alternative method.
Many thanks
Simon
I apologize for the delay in response. I confirmed with a senior engineer in regard to this front, and Clickjacking is very much an all-or-nothing type of situation. For your situation it doesn’t necessarily sound like the right fit.
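
Added example, not part of the thread and not Auth0 code: a simplified model of how a browser applies `X-Frame-Options` and CSP `frame-ancestors`, useful for checking what a login page's response headers actually permit. The hostnames are constructed placeholders, and only a single parent frame with keyword or full-origin sources is modelled.

```javascript
// Return the frame-ancestors source list from a CSP header value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Decide whether the page at parentUrl may embed framedUrl in an iframe,
// given the framed response's headers (keys in lower case).
function mayFrame(parentUrl, framedUrl, headers) {
  const parent = new URL(parentUrl).origin; // scheme + host + port
  const framed = new URL(framedUrl).origin;
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    return sources.some((s) => {
      if (s === "'none'") return false;
      if (s === "'self'") return parent === framed;
      if (s === "*") return true;
      try { return new URL(s).origin === parent; } catch { return false; }
    });
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return parent === framed;
  return true; // no framing policy sent: any site may embed the page
}

// Constructed placeholders: a customer site and a login page on a sibling host.
const site = "https://www.example.com/account";
const login = "https://login.example.com/login";

console.log(mayFrame(site, login, { "x-frame-options": "DENY" }));       // false
console.log(mayFrame(site, login, { "x-frame-options": "SAMEORIGIN" })); // false
console.log(mayFrame(site, login, {
  "content-security-policy": "frame-ancestors 'self' https://www.example.com",
}));                                                                     // true
```

`SAMEORIGIN` compares full origins, so a parent on a sibling host of the same domain is still refused; only a `frame-ancestors` list naming the parent origin admits it while refusing other sites.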