feat: enable iframe use (#4766)

* feat: enable iframe use * cleanup * fix mocks * fix linting * docs: add iframe usage to solution scenarios configurations * improve api * feat(console): security policy * description * remove unnecessary line * disable input button and urls when not enabled * add image to docs Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
2025-08-11 19:17:32 +00:00 · 2022-12-14 07:17:36 +01:00
parent 33e973f015
commit 632639ae7f
40 changed files with 1151 additions and 45 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -448,6 +448,29 @@ service AdminService {
        };
    }

+    // Get the security policy
+    rpc GetSecurityPolicy(GetSecurityPolicyRequest) returns (GetSecurityPolicyResponse) {
+        option (google.api.http) = {
+            get: "/policies/security";
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.policy.read";
+        };
+    }
+
+    // set the security policy
+    rpc SetSecurityPolicy(SetSecurityPolicyRequest) returns (SetSecurityPolicyResponse) {
+        option (google.api.http) = {
+            put: "/policies/security";
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "iam.policy.write";
+        };
+    }
+
    // Returns an organisation by id
    rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) {
        option (google.api.http) = {
@@ -2929,6 +2952,24 @@ message UpdateOIDCSettingsResponse {
    zitadel.v1.ObjectDetails details = 1;
 }

+// This is an empty request
+message GetSecurityPolicyRequest{}
+
+message GetSecurityPolicyResponse{
+    zitadel.settings.v1.SecurityPolicy policy = 1;
+}
+
+message SetSecurityPolicyRequest{
+    // states if iframe embedding is enabled or disabled
+   bool enable_iframe_embedding = 1;
+   // origins allowed to load ZITADEL in an iframe if enable_iframe_embedding is true
+   repeated string allowed_origins = 2;
+}
+
+message SetSecurityPolicyResponse{
+    zitadel.v1.ObjectDetails details = 1;
+}
+
 // if name or domain is already in use, org is not unique
 // at least one argument has to be provided
 message IsOrgUniqueRequest {
--- a/proto/zitadel/settings.proto
+++ b/proto/zitadel/settings.proto
@@ -83,3 +83,11 @@ message OIDCSettings {
  google.protobuf.Duration  refresh_token_idle_expiration = 4;
  google.protobuf.Duration  refresh_token_expiration = 5;
 }
+
+message SecurityPolicy {
+  zitadel.v1.ObjectDetails details = 1;
+  // states if iframe embedding is enabled or disabled
+  bool enable_iframe_embedding = 2;
+  // origins allowed to load ZITADEL in an iframe if enable_iframe_embedding is true
+  repeated string allowed_origins = 3;
+}