I allow site B to use portions of my content through iframe. When in under attack mode, iframe’s on site B display a blank frame. However if I visit site A, go through Cloudflare verification check, then go back to site B, iframes will indeed work.
How do I enable site B so Cloudflare can verify the user through iframe?
Do this make site A any less secure?
Thank you.
When you visit Site A, then back to Site B, you’ve already set the cookie on your Site A visit, so the iframe will work on Site B.
Seeing how the iframe is called from the visitor’s browser, I don’t see an easy way to get around this. If it’s just one particular page on Site A that’s being framed, you could add a Page Rule to turn off Under Attack mode for that one URL.
Thanks SDayMan. I’ve seen the verification check being done in an iframe before but can’t provide a working example at the moment. 
Could there be an xframe options setting I could put. I’m going to try to read of that again.
This topic was automatically closed after 14 days. New replies are no longer allowed.