Hello, we’re using zero trust (aka all the other names) on a local app, and the tunnel and service is working well. Part of the application generates dashboards that can be embedded anywhere within an iframe, and that part isn’t working well for any person who isn’t logged into the application (e.g. logged in users can see the embedded dashboard, but visitors to the page just see an error that cloudflareaccess won’t connect).
There are no security issues as the data is protected but ideally, we would like to have the embeds show up as its an essential part of marketing.
Any ideas on how this can be achieved?
We’ve got the same problem. I understand that there are security implications to allowing the authentication form to be embedded (so that probably won’t be possible) but seeing anything other than a browser error would be great.
For example a simple message explaining that authentication is required and a link to open the page in a new tab.
Hello, were you able to resolve this?
We currently have an issue where an iframe is embedded on a site; that iframe contains an application that is secured by Zero Trust/Cloudflare Access. There’s no issue if the user is already logged into Cloudflare; but if they are not, it is just a gray error screen in Chrome (when viewing the source of this gray screen, I can see the Cloudflare sign-in page, but it doesn’t actually render in the browser). I’m wondering if it is CORS related. Any advice would be appreciated. Thanks
No - we ended up abandoning the use of Cloudflare for this as it became too many layers to solve for access. Would be great to know if anyone gets a solution to this in the future.