Closed tmcw closed 3 weeks ago
You can prevent Clerk being in use on specific routes by skipping them in config.matcher
or adding them to ignoreRoutes
in middleware.js
:
middleware.js
export default authMiddleware({
// ...
ignoredRoutes: ['/embed(.*)'],
});
https://clerk.com/docs/references/nextjs/auth-middleware#options
This issue is "No way to skip authentication with Clerk + Remix" - authMiddleware
is a feature for the Next.js integration, not the Remix integration.
Hello! This issue has been resolved with the release of Core 2, which totally replaces the Interstitial with a new mechanism that does not break inside iframes.
I'll be closing this issue as it is fixed on the latest version of @clerk/remix
package.
Facing almost similar issue for Next.js 14.
I have a /chatbot route that is iframed to another domain. Clerk is not able to initialize itself for those domains.
I am using "@clerk/nextjs": "^5.1.3", where it exports clerkMiddleware, which doesn't support ignoredRoutes feature. (as mentioned by @iqqmuT
Do we have a way in Clerk v5 to make it work for iframes?
Would be happy to provide additional information if required.
Hello @ConnectWithNoor! What are you trying to achieve?
Authenticated routes inside cross-origin iframes do not work out of the box, due to security reasons.
If you just want to embed a page in an iframe without authentication, you can just exclude the path from the protected pages; you don't need the ignoredRoutes.
Preliminary Checks
Reproduction / Replay Link
.
Publishable key
.
Description
We've been suffering from the various remix issues and have an app that supports iframe embeds. Clerk does not work with iframe embeds at all - it produces a 401 and breaks. Ideally, Clerk wouldn't break when used inside of iframes. But, sparing that, it would be nice if we could disable Clerk for certain routes.
We got recommended to something like this:
To resolve this without an update on Clerk's end, but that produces the error message:
So, in short:
Steps to reproduce:
Expected behavior:
Clerk shouldn't authenticate in the iframe.
Actual behavior:
It does and breaks the iframe environment
Environment