From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, February 23, 2015 1:50:34 PM
Subject: Re: [keycloak-user] Integrate the Keycloak Login view in my own html with iframe

On 2/23/2015 7:45 AM, Stian Thorgersen wrote:
> We don't support using an iframe as it opens potential exploits
> (clickjacking, csrf, xss).
>
Actually we might be able to. Currently we restrict this possibility by
setting the Content-Security-Policy header. The value of this header is
configurable in the admin console. IIRC, you can set up trusted origins
with this header. Don't remember. Or you could just shut it off.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
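
Added example (not part of the original message and not Keycloak code): a simplified check of whether a given Content-Security-Policy value would let a given origin embed the login page in an iframe, based on the `frame-ancestors` directive. The header values, origins and function names are constructed for illustration; only the direct parent frame is checked, and IPv6 hosts and path parts are ignored.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)

def frame_ancestors(csp):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def _matches(source, parent, page):
    """Match one source expression against the embedding (parent) origin."""
    src = source.lower()
    if src == "'self'":
        return parent == page
    if src == "*":
        return parent[0] in DEFAULT_PORTS
    if src.endswith(":"):                       # scheme-source such as "https:"
        return parent[0] == src[:-1]
    scheme, _, rest = src.rpartition("://")
    host, _, port = rest.split("/", 1)[0].partition(":")
    if parent[0] != (scheme or page[0]):        # no scheme given: use the page's
        return False
    if port != "*" and parent[2] != (int(port) if port else DEFAULT_PORTS.get(parent[0])):
        return False
    if host.startswith("*."):                   # wildcard covers subdomains only
        return parent[1].endswith(host[1:])
    return host == parent[1]                    # "'none'" never equals a host

def can_frame(csp, parent_url, page_url):
    """True if the CSP value lets parent_url embed page_url in a frame."""
    sources = frame_ancestors(csp)
    if sources is None:
        return True   # no frame-ancestors directive: CSP does not restrict framing
    parent, page = _origin(parent_url), _origin(page_url)
    return any(_matches(s, parent, page) for s in sources)
```

A value without `frame-ancestors` places no CSP restriction on embedding, so framing protection then depends on other headers such as `X-Frame-Options`.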