Nested iFrames
In the event the TokenEx iFrame is being rendered from within multiple nested iFrames, all ancestors in the chain must be provided as a comma-separated list.
The parent of the TokenEx iFrame must be first in the list.
The origin string used when generating the HMAC must be the same string supplied to the origin
parameter within the
iFrame Configuration Object.
Example
Primary origin that will be interacting with the TokenEx iFrame: foo.com
Subsequent origins that will render foo.com: bar.com
The origin string used in the HMAC would then be: https://foo.com,https://bar.com
Origin: "https://foo.com,https://bar.com"
To see a live example of a nested origin, check out this JS fiddle page.
You can see the origin being passed in this example is "https://fiddle.jshell.net,https://jsfiddle.net"
.
This is because the page rendering the iframe (fiddle.shell.net) is itself an iframe being rendered within jsfiddle.net.