You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
@brockallen I was thinking it is possible to add a content-security-policy header for endsession endpoint which just specify the frame-src , which is the embedded url. Do you think whether there is any security concern? It is may not just http/https. The client domain can be different as well.
Chrome won't load iframe because the endsession endpoint contains html try to load a client page inside a frame which is different url
The text was updated successfully, but these errors were encountered: