Security
Embedding the Persona iframe
The Embedded Flow boots an iframe that loads Persona. If you'd like to restrict the allowed domains or URI schemes that are allowed to boot the Embedded Flow, you can configure allowlists in the Integration Section page within the Persona dashboard.
The Persona iframe has several limitations around when embedding is allowed.
- Only inquiry templates with published versions can be embedded. Draft inquiry template versions cannot be embedded.
- Embedding in
localhost
is only allowed for Sandbox environments. - If Allowed Domains are configured, the iframe can only be embedded on pages on these domains. Note that subdomains need to be configured separately.
Updated about 2 years ago