Is there a way to insert "X-FRAME-OPTIONS = SAMEORIGIN" into
the__response_ header sent back to the browser by the Identity Server ?
There seems to be all sorts of hooks to insert headers into what is
passed to the protected resource on the inside, but I can't find a way
to insert into the header coming back.

Or, can someone definitely explain why this shouldn't be necessary?


mstatman's Profile:
View this thread: