appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
33.95k stars 3.66k forks

Support cross-domain embedding of Private Appsmith applications #19569

Open abhvsn opened 1 year ago

abhvsn commented 1 year ago

In Phase 1, we supported SSO of Private Appsmith applications when the parent and the child (Appsmith app) were subdomains of the same domain. We need to add support for instances that want to embed Appsmith apps across domains.

abhvsn commented 1 year ago

We will be sharing the session cookies within the iframe to support private apps and also introducing the CSRF token to avoid any security loopholes that will get introduced as part of the above task.