Protocol endpoint needs to disallow XFO

IdentityServer / IdentityServer3.WsFederation

WS-Federation Plugin for IdentityServer v3

Apache License 2.0

25 stars 36 forks source link

Protocol endpoint needs to disallow XFO #45

Closed brockallen closed 9 years ago

brockallen commented 9 years ago

To allow the <form> to submit.

brockallen commented 9 years ago

@leastprivilege any concerns? Scenario is OIDC app is trying to load <iframe> to WsFed client app. WsFed client app wants to just redirect back to IdSvr and just get a token (much like normal OIDC authorization endpoint).

brockallen commented 9 years ago

This makes me wonder if our OIDC w/ response_mode=post won't work in an iframe.

brockallen commented 9 years ago

Fixed in 2.0.1