ADFS 4-将"X-Frame-Options"设置为"deny" [英] ADFS 4 -'X-Frame-Options' to 'deny'
问题描述
我在Dynamics CRM中嵌入了一个aspx页面. aspx页面使用openId和adfs应用程序组进行身份验证,并且一直在进行工作,直到安全更新KB4493473(假设更新引起了该问题).在更新之前,当用户加载CRM表单时,iframe将无缝加载而不会出现问题或身份验证提示. 从更新开始,控制台将显示以下消息:' https://sts ... . .& x-client-SKU = ID_NET451& x-client-ver = 5.2.1.0',因为它会将"X-Frame-Options"设置为"deny".
我还没有找到使adfs不发送该X帧头的方法,这里有任何解决方法吗?
此命令已针对ADFS 2019进行了说明(但也适用于ADFS 4):https://sts...... &x-client-SKU=ID_NET451&x-client-ver=5.2.1.0' in a frame because it set 'X-Frame-Options' to 'deny'.
I have not found any way to have adfs NOT send that x-frame header, is there any workaround here?
We had a similar problem since some week on a project I work on (iFrame integration not working any more because of ADFS, apparently since May Windows cumulative update has been installed)
Luckily, a colleague found a workaround with this ADFS PowerShell command :
Set-AdfsResponseHeaders -RemoveHeaders "X-Frame-Options"
This command is documented for ADFS 2019 (but works on ADFS 4 too) : https://docs.microsoft.com/fr-fr/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs
Hope this will help. Regards,
这篇关于ADFS 4-将"X-Frame-Options"设置为"deny"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!