diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
index 4fc1c273d..9180f2126 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -200,6 +200,10 @@ sub run {
 
         $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' );
 
+        # Disable Content-Security-Policy header since logout can be embedded
+        # in a frame
+        $req->frame(1);
+
         # GET parameters
         my $logout_url = $req->param('url');