Skip to main content

Nested iFrames

In the event the TokenEx iFrame is being rendered from within multiple nested iFrames, all ancestors in the chain must be provided as a comma-separated list.

warning

The parent of the TokenEx iFrame must be first in the list. The origin string used when generating the HMAC must be the same string supplied to the origin parameter within the iFrame Configuration Object.

Example

Primary origin that will be interacting with the TokenEx iFrame: foo.com
Subsequent origins that will render foo.com: bar.com
The origin string used in the HMAC would then be: https://foo.com,https://bar.com

HTTP
Origin: "https://foo.com,https://bar.com"

To see a live example of a nested origin, check out this JS fiddle page. You can see the origin being passed in this example is "https://fiddle.jshell.net,https://jsfiddle.net". This is because the page rendering the iframe (fiddle.shell.net) is itself an iframe being rendered within jsfiddle.net.