
WSO2IS access from within an iframe

Is there a way to disable the X-Frame-Options header in the WSO2IS responses? We need to integrate one application within another with the use of an iframe. Both applications are using WSO2IS for authentication, though the one in the iframe will redirect to authenticate with OpenID Connect but it should return back immediately since the user has been authenticated by the parent application. Now as it is, I get X-Frame-Options: DENY headers and since the WSO2IS is located in a different domain than the application. Any suggestions?

After a little thought and since there is no answer yet, I believe I can answer my own question. Since it seems that every SSO system out there will serve the X-Frame-Options header with a DENY value, the only solution would be to pass the OpenID Connect Code from the parent application to the iframe child application as a parameter. In that way, the redirection step is not needed and thus the nested/child/whatever application can make the requests for the token and user info. I don't know if this is a nice way to do it, but it seems the only way that will work with WSO2IS or any other OpenID Connect based SSO system.
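
Why the redirect inside the iframe is blocked, as an added example that is not part of the original question or answer: a simplified JavaScript model of the check a browser applies to `X-Frame-Options` and the CSP `frame-ancestors` directive before rendering a framed response. The function names, the lowercase header keys and the two origins are assumptions made for illustration; nested ancestors and wildcard hosts are out of scope.

```javascript
// Added example: simplified model of the browser's framing decision.
// Header names are assumed to be lowercased by the caller.

// Returns the frame-ancestors source list, or null when the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === "frame-ancestors") return tokens.slice(1);
  }
  return null;
}

// responseOrigin: origin of the framed page (here, the identity server).
// parentOrigin: origin of the page that contains the iframe.
function framingAllowed(headers, responseOrigin, parentOrigin) {
  const sources = parseFrameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    if (sources.length === 0) return false; // empty list behaves like 'none'
    return sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === "'self'") return responseOrigin === parentOrigin;
      return src === parentOrigin.toLowerCase();
    });
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false; // never framable, even same-origin
  if (xfo === "SAMEORIGIN") return responseOrigin === parentOrigin;
  return true; // no framing restriction was sent
}

// Constructed origins: identity server and embedding app on different domains.
const IDP = "https://idp.example.com";
const APP = "https://app.example.org";

console.log(framingAllowed({ "x-frame-options": "DENY" }, IDP, APP)); // false
```

With the identity server on a different domain, `SAMEORIGIN` fails just as `DENY` does; in this model only a `frame-ancestors` list naming the embedding origin permits the frame.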
