Amazon Cognito hosted UI impossible to iframe?


Question

I tried, but the headers contain X-Frame-Options: deny, and I did not find any way to configure this inside the backend UI.

Recommended answer

I'm not sure how much of an "answer" this is, but I don't yet have enough reputation to comment and I think this is relevant. The accepted answer doesn't really address iframes at all.

I can't find it documented anywhere, but my guess is that AWS doesn't allow this due to click-jacking concerns.

The FAQ page for Microsoft's Azure AD B2C (a product similar to Cognito) explains why they don't allow their hosted pages to be embedded in iframes:


No, for security reasons, Azure AD B2C pages cannot be opened within an iFrame. Our service communicates with the browser to prohibit iFrames. The security community in general and the OAUTH2 specification, recommend against using iFrames for identity experiences due to the risk of click-jacking.

Source:
https://docs.microsoft.com/zh-CN/azure/active-directory-b2c/active-directory-b2c-faqs
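
To see why a response carrying X-Frame-Options: deny cannot be framed from any page, the following added example (not part of the original question or answer) models the browser's framing decision, including the CSP frame-ancestors directive, which takes precedence over X-Frame-Options when present. The origins and header sets are constructed, and the function name `framingAllowed` is hypothetical.

```javascript
// Added example. Simplified model of how a browser decides whether a response
// may be rendered in a frame. Origins and header sets are constructed samples.
function framingAllowed(headers, parentOrigin, selfOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A CSP frame-ancestors directive, when present, overrides X-Frame-Options.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const allowed = sources.some((s) => {
      if (s === "'none'") return false;
      if (s === "'self'") return parentOrigin === selfOrigin;
      if (s === '*') return true;
      // Assumption: exact origin match only; wildcard hosts are not modelled.
      return s.replace(/\/$/, '').toLowerCase() === parentOrigin.toLowerCase();
    });
    return { allowed, reason: 'CSP ' + directive.trim() };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') {
    return { allowed: parentOrigin === selfOrigin, reason: 'X-Frame-Options: SAMEORIGIN' };
  }
  // Missing or unrecognised values (including obsolete ALLOW-FROM) are not enforced.
  return { allowed: true, reason: 'no enforceable framing restriction' };
}

const app = 'https://app.example.com';   // constructed embedding page
const idp = 'https://auth.example.com';  // constructed login page origin
const samples = [
  { 'X-Frame-Options': 'deny' },                       // header reported in the question
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Security-Policy': "frame-ancestors 'none'" },
  { 'Content-Security-Policy': `frame-ancestors ${app}`, 'X-Frame-Options': 'DENY' },
];
for (const s of samples) console.log(JSON.stringify(s), framingAllowed(s, app, idp));
```

The model checks a single parent origin; a real browser applies frame-ancestors to every ancestor in the frame chain.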
