Lets assume am leveraging Private Embedding to embeds my looker via an iframe from my site eg https://mysite.com
I have already disabled the Same-Origin Protections for Looker Login Pages so that Looker can display the login page in the iframe for un-authenticated users.
Do I still need to enable domain allowed list for it to work. Is the domain allowed list a compulsory set up or is it a mattter of choice. Please I need to know why. Any explanation will be appreciated. lets assume below is my iframe code for private embedding
<iframe src="https://myinstance.looker.com/embed/looks/4?allow_login_screen=true"></iframe>
Thanks