Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Authorization response prevented in some iframe scenarios #1955

Closed
brockallen opened this issue Jan 8, 2018 · 3 comments
Closed

Authorization response prevented in some iframe scenarios #1955

brockallen opened this issue Jan 8, 2018 · 3 comments
Assignees
@brockallen
Labels
bug
Milestone
2.1.1

Comments

@brockallen
Copy link
Member

Currently client apps that each use their own cookie and that are composed of many sub-apps via iframes (e.g. portal style apps), our CSP frame-ancestor options blocks responses to those clients in the child iframes.

To fix this bug we will relax the frame-ancestor setting for the authorization response.

#1915
@brockallen brockallen added the bug label Jan 8, 2018
@brockallen brockallen self-assigned this Jan 8, 2018
@brockallen brockallen added this to the 2.1.1 milestone Jan 8, 2018
@brockallen brockallen mentioned this issue Jan 8, 2018
Closed
brockallen added a commit that referenced this issue Jan 8, 2018
@brockallen
relax frame-ancestors for authorize response #1955
b9244b1
@brockallen
Copy link
Member Author

fixed

@v2Shridhar
Copy link

v2Shridhar commented Feb 23, 2018
edited
Loading

Is there a workaround available if we cant upgrade IdentityServer to 2.x nuget packages? Right now we are in 1.5.2

@lock
Copy link

lock bot commented Jan 13, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@brockallen brockallen

Labels
bug
Projects
None yet
Milestone
2.1.1
Development

No branches or pull requests
2 participants
@brockallen @v2Shridhar