Content-Security-Policy and X-Frame-Options header config in idp.properties
Cantor, Scott
cantor.2 at osu.edu
Thu Jan 10 15:57:38 EST 2019
On 1/10/19, 3:31 PM, "users on behalf of Losen, Stephen C (scl)" <users-bounces at shibboleth.net on behalf of scl at virginia.edu> wrote:

> Found out some folks here are displaying Shib IDP pages inside iFrames and that no longer works for them (IDP 3.4.2).

It's not supported regardless, I want that to be clear. We have never supported their use, dating back to V1. Adding the headers was an add-on to highlight that fact. All your users with third party cookies off are already being locked out whether you include the header or not.

> Is this an IDP bug? Or do I misunderstand how this works?

I've changed them in the past, I haven't seen anything like that. Just tested it.

-- Scott