[keycloak-user] Integrate the Keycloak Login view in my own html with iframe

Bill Burke bburke at redhat.com
Mon Feb 23 07:50:34 EST 2015


On 2/23/2015 7:45 AM, Stian Thorgersen wrote:
> We don't support using an iframe as it opens potential exploits (clickjacking, csrf, xss).
>

Actually we might be able to.  Currently we restrict this possibility by 
setting the Content-Security-Policy header. The value of this header is 
configurable in the admin console.  IIRC, you can set up trusted origins 
with this header.  Don't remember.  Or you could just shut it off.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
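
An added example, not part of the original message and not Keycloak code: a Python check of whether a set of response headers lets a given parent page frame the login page, using the CSP `frame-ancestors` directive with `X-Frame-Options` as the fallback. Host names and header values are constructed, and matching is simplified to one direct parent and to `*`, `'self'`, `'none'`, scheme and host sources.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed sample values for illustration (not Keycloak defaults).
LOGIN_URL = "https://sso.example.com/auth/"
TRUSTED = {"Content-Security-Policy": "frame-ancestors 'self' https://app.example.com"}

def _origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    u = urlsplit(url)
    return u.scheme, u.hostname or "", u.port or DEFAULT_PORTS.get(u.scheme)

def frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def _source_matches(source, parent, self_url):
    if source == "*":
        return True
    if source.lower() == "'self'":
        return _origin(parent) == _origin(self_url)
    if source.endswith(":"):                 # scheme-source such as "https:"
        return urlsplit(parent).scheme == source[:-1].lower()
    if "://" not in source:                  # bare host: assume the page's own scheme
        source = urlsplit(self_url).scheme + "://" + source
    s_scheme, s_host, s_port = _origin(source)
    p_scheme, p_host, p_port = _origin(parent)
    if s_host.startswith("*."):              # wildcard covers subdomains only
        host_ok = p_host.endswith(s_host[1:])
    else:
        host_ok = p_host == s_host
    return (s_scheme, s_port) == (p_scheme, p_port) and host_ok

def framing_allowed(headers, parent, self_url=LOGIN_URL):
    """True if the page at `parent` may embed `self_url` in an iframe."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:                  # frame-ancestors overrides X-Frame-Options
        return any(_source_matches(s, parent, self_url)
                   for s in sources if s.lower() != "'none'")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo == "SAMEORIGIN" and _origin(parent) == _origin(self_url)
    return True                              # no framing restriction is set
```

With no header at all, or with a policy that only sets `frame-src`, `framing_allowed` returns True for every parent, which is what switching the header off amounts to. Listing the embedding application's origin in `frame-ancestors` permits that one parent and keeps every other origin blocked.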

