Amazon Cognito hosted UI impossible to iframe?

佐手、 submitted on 2019-12-11 01:29:43

Question


I tried, but the headers include X-Frame-Options: deny, and I did not find any way to configure this inside the backend UI.


Answer 1:


I'm not sure how much of an "answer" this is, but I don't yet have enough reputation to comment and I think this is relevant. The accepted answer doesn't really address iframes at all.

I can't find it documented anywhere, but my guess is that AWS doesn't allow this due to click-jacking concerns.

The FAQ page for Microsoft's Azure AD B2C (a product similar to Cognito) explains why they don't allow their hosted pages to be embedded in iframes:

No, for security reasons, Azure AD B2C pages cannot be opened within an iFrame. Our service communicates with the browser to prohibit iFrames. The security community in general and the OAUTH2 specification, recommend against using iFrames for identity experiences due to the risk of click-jacking.

Source: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs




Answer 2:


You can check this post on GitHub: https://github.com/aws/amazon-cognito-identity-js/issues/508. In ildar-icoosoft's response, he showed how he managed to put the hosted UI in a pop-up window. Hope this can help.



Source: https://stackoverflow.com/questions/46149225/amazon-cognito-hosted-ui-impossible-to-iframe
