I want to embed a small web-app across various third-party domains, much like Disqus does with their commenting app. The users need to authenticate, and this needs to persist across the domains.

I noticed that Disqus uses an `<iframe>` to deploy their app. I assume that is so that they can use cookies to maintain a session for their users. Correct?

Is there any way to get around using an iframe for this use case? I was thinking perhaps about using a Web Component with a JWT token from localStorage. But as I understand, localStorage is restricted to a domain. You would need a hidden iframe to share the localStorage across domains.

Any other method that would work across third-party domains?

Roy Prins
  • Some ideas here: [Cross-Domain Cookies](https://stackoverflow.com/questions/3342140/cross-domain-cookies) – Supersharp Dec 04 '18 at 22:19
  • Thanks for that. The top-voted answer (redirect and direct back) is not going to work, because I don't control the domain. There seems to be some disagreement whether cross-domain cookies work (they may with the right headers). Also not sure how secure that would be, so I have some research left to do. – Roy Prins Dec 05 '18 at 08:06

0 Answers