Hi,
I have built an embedded app with a custom login page to allow specific users access using an external api and some javascript. Some users are experiencing malware warnings and I am not sure what is causing it at the moment.
Welcome to the community, @maxhatched! It's not uncommon for some security software to flag embedded apps with a domain that is different from the top level. We include a quick note about this in our docs and typically recommend that you define a custom domain for your Retool org. Let me know if you have any additional questions!
The aim is not to embed the app in other applications but to allow clients to access the retool app using a custom authentication layer within retool. The top level domain remains the same. This warning is triggered when opening the link through a Microsoft tool like teams.
Can you share the full URL that you're linking out to? It feels like this is probably just a symptom of an overly sensitive security setting in certain software, but I can try to to identify the offending page content.
Have you had a chance to revisit this, @maxhatched?