[keycloak-user] Integrate the Keycloak Login view in my own html with iframe

[Bill Burke]

On 2/23/2015 7:45 AM, Stian Thorgersen wrote:
> We don't support using an iframe as it opens potential exploits (clickjacking, csrf, xss).
>

Actually we might be able to.  Currently we restrict this possibility by 
setting the Content-Security-Policy header. The value of this header is 
configurable in the admin console.  IIRC, you can set up trusted origins 
with this header.  Don't remember.  Or you could just shut it off.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com