IdentityServer antiforgery token bypass
I have an Identity Server instance. One of the application need's to render an identity server pages (login, forgot password, 2fa window, etc.) in the iframe. The problem is that I use an anti-forgery token that prevents all calls since the URL differs.
So I'm thinking about having something like a white list of domains that can bypass forgery token validation.
Are there any built-in solutions for that? Or would appreciate advice about how to implement this logic.
So I'm thinking about having something like a white list of domains that can bypass forgery token validation.
Are there any built-in solutions for that? Or would appreciate advice about how to implement this logic.
