Phoenix LiveView in an iframe

This thread, along with others, also came up in my search results when I was trying to solve embedding a LiveView in an iframe.

So linking here to my current solution/conclusion:


After trying several things I gathered around the internet, I found the 3 minimal steps which limit security-related changes to the embeddable LiveViews only.

  • Separate LiveView Socket.
  • Separate Router Pipeline replacing x-frame-options HTTP header with a restrictive CSP.
  • Separate layout for embeddable LiveViews independent from session-based assigns.