auth0.js Allow passing sandbox attributes to iframes

Allow passing sandbox attributes to iframes

Open cleoold opened this issue 6 months ago • 0 comments

Changes

Allow passing sandbox to the hidden iframe when using renewAuth(). This is desired when it's not necessary to execute javascript code in the iframe if all what's wanted is to extract url hash as soon as the page is returned:

renewAuth({ usePostMessage: false, sandbox: 'allow-same-origin' }, e => {});

It is also a security measure to tighten the resources which can be accessed. The default value here is "allow-same-origin allow-scripts", which should ensure most of the existing scenarios work.

References

Testing

[x] This change adds unit test coverage
[ ] This change adds integration test coverage

Checklist

[x] I have read the Auth0 general contribution guidelines
[x] I have read the Auth0 Code of Conduct
[ ] All tests and linters described in the Develop section run without errors

Aug 12 '24 23:08 cleoold

auth0.js auth0.js copied to clipboard

Allow passing sandbox attributes to iframes

Changes

References

Testing

Checklist

auth0.js
auth0.js copied to clipboard