oidc-client is not able to check session because 'X-Frame-Options' header is set to 'sameorigin' #237

kubakeil · 2019-04-02T05:26:51Z

oidc-client in SPA application loaded from different host than STS.Identity server is not able to check session http://localhost:5000/connect/checksession.
The check is executed within IFrame and STS.Identity has currenly set Xfo to SameOrigin app.UseXfo(options => options.SameOrigin());

This also likely re-introduce some fixed IdentityServer issues e.g. IdentityServer/IdentityServer4#1224

The text was updated successfully, but these errors were encountered:

skoruba · 2019-04-02T07:31:51Z

Thanks!

…ause of issue: #237; Prepare template scripts;

skoruba · 2019-04-04T06:24:10Z

Fixed on dev.

skoruba · 2019-04-04T10:53:00Z

Done on master. Please check new release.
Thanks!

skoruba self-assigned this Apr 2, 2019

skoruba added bug Something isn't working priority: high labels Apr 2, 2019

skoruba added a commit that referenced this issue Apr 4, 2019

Update IdentityServer4 to version 2.4.0; Remove middleware UseXfo bec…

b469299

…ause of issue: #237; Prepare template scripts;

skoruba mentioned this issue Apr 4, 2019

Beta version 6 #240

Merged

skoruba closed this as completed Apr 4, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oidc-client is not able to check session because 'X-Frame-Options' header is set to 'sameorigin' #237

oidc-client is not able to check session because 'X-Frame-Options' header is set to 'sameorigin' #237

kubakeil commented Apr 2, 2019

skoruba commented Apr 2, 2019

skoruba commented Apr 4, 2019

skoruba commented Apr 4, 2019

oidc-client is not able to check session because 'X-Frame-Options' header is set to 'sameorigin' #237

oidc-client is not able to check session because 'X-Frame-Options' header is set to 'sameorigin' #237

Comments

kubakeil commented Apr 2, 2019

skoruba commented Apr 2, 2019

skoruba commented Apr 4, 2019

skoruba commented Apr 4, 2019