Embedding a live view as an Iframe

After trying several things I gathered around the internet, I found the 3 minimal steps which limit security-related changes to the embeddable LiveViews only.

  • Separate LiveView Socket.
  • Separate Router Pipeline replacing x-frame-options HTTP header with a restrictive CSP.
  • Separate layout for embeddable LiveViews independent from session-based assigns.