I have a desktop web app, with few pages requiring users to log in. I do need to embed one of the free-access pages in an iframe located on a website. No problem, it works very well.
BUT I also tried to put the URL of one of the restricted pages in an iframe. And it also worked, without any login required… For me, it’s a security breach. Any user could copy and paste a URL and embed it in an iframe later for (unauthorized) access without any login.
Let’s imagine a business or company app. One of the admins is fired. The day after, they will be able to cause damage to the app data. It can be dramatic; it’s a security breach, don’t you think?
I think Adalo should manage to identify login-protected pages, and in case a protected URL (page) is accessed from the outside or without any logged-in user, it should deny the access and send the iframe contents back to the welcome page. So, manage a restricted zone.
Many thanks for your feedback!