From 9827d0e8885e52cfad1f244ed96e6cc9b877da03 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Fri, 20 Jan 2017 06:29:49 +0000
Subject: [PATCH] Disable CSP for frames (#1138)
---
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
index 4fc1c273d..9180f2126 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@@ -200,6 +200,10 @@ sub run { $self->lmLog( "URL $url detected as an CAS LOGOUT URL", 'debug' ); + # Disable Content-Security-Policy header since logout can be embedded + # in a frame + $req->frame(1); + # GET parameters my $logout_url = $req->param('url');
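Review bot: `$req->frame(1)` is set unconditionally for every request that matches the CAS logout URL, so, going by the added comment, the whole Content-Security-Policy header is dropped on this path rather than only the framing restriction, and any origin may embed the logout response. That matters because the very next lines read the caller-supplied `url` parameter, and whatever page or redirect is built from it is now served without CSP as a backstop. If the request API allows it, relax only the framing directive (ideally for the registered CAS service origins) instead of the whole policy; otherwise extend the comment to record the trade-off, e.g. `# CSP is omitted for all CAS logout responses (#1138); output on this path must not reflect request data unescaped`. The rest of `run` lies outside the hunk, so how `$logout_url` is validated and rendered cannot be checked from here.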