Credential handlers should only be served with x-frame-options set to a value of the authn.io mediator -- this needs to be documented and added to demo handlers. I believe we used to have another issue for this somewhere but can't find it so refiling. This is to help mitigate click-jacking and serving credential handlers outside of the mediator.
Credential handlers should only be served with x-frame-options set to a value of the authn.io mediator -- this needs to be documented and added to demo handlers. I believe we used to have another issue for this somewhere but can't find it so refiling. This is to help mitigate click-jacking and serving credential handlers outside of the mediator.