Because security restrictions some times we have to use iframes in the Mobile app including a PHP script from the site:
- Private vimeo files: So the browser referral is correcty set and Vimeo can validate the domain
- ReCaptcha: Same as above, the IP/Host restriction may be enabled
The problem is that if allowframembedding is off, those scripts won't work because it won't be possible to be included in an iframe in the app.
So I think that maybe we should have a global constant like NO_DEBUG_DISPLAY or NO_MOODLE_COOKIES but in this case to override allowframembedding (something like ALLOW_FRAME_EMBEDDING)