dlongley
commented
3 years ago X-frame-options was deprecated in favor of CSP frame-ancestors.
Closed dlongley closed 2 years ago
dlongley
commented
3 years ago X-frame-options was deprecated in favor of CSP frame-ancestors.
dlongley
commented
2 years ago Closing this because it is no longer applicable.
Credential handlers should only be served with x-frame-options set to a value of the authn.io mediator -- this needs to be documented and added to demo handlers. I believe we used to have another issue for this somewhere but can't find it so refiling. This is to help mitigate click-jacking and serving credential handlers outside of the mediator.