Disable CSP for frames (#1138)

2017-01-20 06:29:49 +00:00 · 2017-01-20 06:29:49 +00:00 · 9827d0e888
commit 9827d0e888
parent 1491ad4515
1 changed files with 4 additions and 0 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@ -200,6 +200,10 @@ sub run {

        $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );

+        # Disable Content-Security-Policy header since logout can be embedded
+        # in a frame
+        $req->frame(1);
+
        # GET parameters
        my $logout_url = $req->param('url');