Is there a way to insert "X-FRAME-OPTIONS = SAMEORIGIN" into
the__response_ header sent back to the browser by the Identity Server ?
There seems to be all sorts of hooks to insert headers into what is
passed to the protected resource on the inside, but I can't find a way
to insert into the header coming back.

Or, can someone definitely explain why this shouldn't be necessary?

Thanks,
Mike


--
mstatman
------------------------------------------------------------------------
mstatman's Profile: https://forums.netiq.com/member.php?userid=1078
View this thread: https://forums.netiq.com/showthread.php?t=48248