When unauthenticated users access our community on the iframe (try it here) and click "๐" or "Log in" within the iframe > the iframe errors out giving a White-Screen-of-Death.
The issue is a 302 redirect error; since the iframe is trying to redirect the user to authenticate, but the iframe source (Hub.LiteralApp.com) is considered by the browser to be a different domain than the iframe host (www.LiteralApp.com). Basically iframe security protocols don't allow for redirects when those domains don't match.
MY QUESTION: There has to be a way around this, right? (ex: adding my host domain to the bettermode CORS policy headers is the obvious fix) - Otherwise, without JWT, what's the use case for the iframe? (Unless... Can you set your custom domain to be a page URL? ex: instead of MySite.com it's set to MySite.com/hub?)