Question
I have an aspx page embedded in Dynamics CRM. The aspx page uses OpenID and an ADFS application group to authenticate and has been working up until security update KB4493473 (it is an assumption that the update is causing the issue). Prior to the update, when the user loaded the CRM form, the iframe would seamlessly load without issue or authentication prompts. Since the update, the console gives this message: 'https://sts...... &x-client-SKU=ID_NET451&x-client-ver=5.2.1.0' in a frame because it set 'X-Frame-Options' to 'deny'.
I have not found any way to have ADFS NOT send that X-Frame header. Is there any workaround here?
Answer 1:
We have had a similar problem for some weeks on a project I work on (iframe integration not working any more because of ADFS, apparently since the May Windows cumulative update was installed).
Luckily, a colleague found a workaround with this ADFS PowerShell command:
Set-AdfsResponseHeaders -RemoveHeaders "X-Frame-Options"
This command is documented for ADFS 2019 (but works on ADFS 4 too): https://docs.microsoft.com/fr-fr/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs
Hope this will help. Regards,
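An added example, not part of the original answer: removing X-Frame-Options lets any site frame the ADFS sign-in pages, so this sketch pairs the removal with a Content-Security-Policy `frame-ancestors` directive limited to the embedding site. It assumes the `Get-AdfsResponseHeaders` / `Set-AdfsResponseHeaders` cmdlets from the linked documentation are available on the farm, and `https://crm.example.com` is a placeholder for the CRM origin.

```powershell
# Added example. Run in an elevated session on the primary AD FS server.
# Placeholder (assumption): the origin of the page that hosts the iframe.
$allowedParent = 'https://crm.example.com'

# Show the response headers AD FS is currently configured to send.
$headers = (Get-AdfsResponseHeaders).ResponseHeaders
$headers.GetEnumerator() | Sort-Object Key | Format-Table Key, Value -AutoSize

# Start from the existing Content-Security-Policy so its other directives survive.
$csp = [string]$headers['Content-Security-Policy']

# Drop any earlier frame-ancestors directive, then append the scoped one.
$directives = @(
    $csp -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notmatch '^frame-ancestors(\s|$)' }
)
$directives += "frame-ancestors 'self' $allowedParent"
$newCsp = ($directives -join '; ') + ';'

# Apply the scoped framing policy first, then remove the blanket deny.
# With X-Frame-Options gone, frame-ancestors is what still limits
# which sites may frame the sign-in pages.
Set-AdfsResponseHeaders -SetHeaderName 'Content-Security-Policy' -SetHeaderValue $newCsp
Set-AdfsResponseHeaders -RemoveHeaders 'X-Frame-Options'

# Confirm the resulting configuration.
(Get-AdfsResponseHeaders).ResponseHeaders.GetEnumerator() |
    Sort-Object Key | Format-Table Key, Value -AutoSize
```

After applying it, reload the CRM form and check the sign-in response in the browser's network tab: X-Frame-Options should be absent and the Content-Security-Policy header should carry the `frame-ancestors` entry.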
Source: https://stackoverflow.com/questions/56131969/adfs-4-x-frame-options-to-deny