Open flieks opened 6 years ago
+1
X-Frame Options is used to prevent ClickJacking. We have heard the request to allow IFRAMES from other customers and will consider it in future updates to the service.
Thanks @rachitdhall for us full front-end integration is mandatory so we will probably switch to another auth service
Hi,
I think we need to be able to embed the hosted UI in an IFRAME so we can integrate federated login inside our web app (domain).
Now without iframe there are 2 disadvantages:
Now i get:
Refused to display 'https://companyName.auth.eu-central-1.amazoncognito.com/login?client_id=1kefjqg8gf1k5slqpr1eovj9g&response_type=token&redirect_uri=https://ourdomain.com/sign_in?' in a frame because it set 'X-Frame-Options' to 'deny'.
What are the security implications for amazon if amazon allows this by modifying the X-Frame-Options?
Thanks Felix