remove XFO from end session callback iframe #1224
brockallen committed Aug 5, 2017
1 parent b534238 commit 3190c90
Showing 1 changed file with 0 additions and 17 deletions.
17 changes: 0 additions & 17 deletions src/IdentityServer4/Endpoints/Results/EndSessionCallbackResult.cs
@@ -55,7 +55,6 @@ public async Task ExecuteAsync(HttpContext context)
else
{
context.Response.SetNoCache();
AddXfoHeaders(context);
AddCspHeaders(context);

var html = GetHtml();
@@ -92,22 +91,6 @@ private void AddCspHeaders(HttpContext context)
}
}

private void AddXfoHeaders(HttpContext context)
{
if (!context.Response.Headers.ContainsKey("X-Frame-Options"))
{
var logoutPageUrl = _options.UserInteraction.LogoutUrl;
if (logoutPageUrl.IsLocalUrl())
{
context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
}
else
{
context.Response.Headers.Add("X-Frame-Options", $"ALLOW-FROM {logoutPageUrl.GetOrigin()}");
}
}
}

string GetHtml()
{
string framesHtml = null;