[FedCM] Question about cross origin iframe #372
-
|
I am embedding my website within the "tool" window (iframe) of a different website, which has a top-level domain that differs from my own. However, the iframe loading my webpage lacks the "identity-credentials-get" attribute. Unfortunately, the developers responsible for the top-level domain are not enthusiastic about making this adjustment for me. Note: My specific use case is session management for LTI 1.3. Is there any advice on how I can get FedCM enabled in the iframe? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Unfortunately permissions policy is required to use APIs like FedCM in a cross-origin iframe for security and privacy reasons. There are other solutions like storage access API that don't require embedder opt-in and work for the learning management system use cases. Although the UI itself may be less preferable depending on your use cases. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the confirmation my suspicion. |
Beta Was this translation helpful? Give feedback.
Unfortunately permissions policy is required to use APIs like FedCM in a cross-origin iframe for security and privacy reasons.
There are other solutions like storage access API that don't require embedder opt-in and work for the learning management system use cases. Although the UI itself may be less preferable depending on your use cases.