[keycloak-user] Integrate the Keycloak Login view in my own html with iframe
Bill Burke
bburke at redhat.com
Mon Feb 23 07:50:34 EST 2015
On 2/23/2015 7:45 AM, Stian Thorgersen wrote:
> We don't support using an iframe as it opens potential exploits (clickjacking, csrf, xss).
>
Actually we might be able to. Currently we restrict this possibility by
setting the Content-Security-Policy header. The value of this header is
configurable in the admin console. IIRC, you can set up trusted origins
with this header. Don't remember. Or you could just shut it off.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list