X-Frame-Options settings on Undertow overwrite the settings on the RH-SSO realm side
Issue
- Setting a realm's Security Defenses X-Frame-Options header value to "ALLOW-FROM http://..." does not take effect when the X-Frame-Options filter at the EAP server level (EAP Undertow) is set to "SAMEORIGIN".
- The realm's Security Defenses X-Frame-Options header value is being overridden by the X-Frame-Options filter setting at the EAP server level (EAP Undertow).
Environment
- Red Hat Single Sign-On (RH-SSO)
  - 7.x