
X-FRAME-OPTIONS: SAMEORIGIN appears twice


Article ID: 190514


Products

CA Identity Manager, CA Identity Portal, CA Identity Suite

Issue/Introduction

The X-FRAME-OPTIONS: SAMEORIGIN header is returned twice in the response to some requests to the CA Identity Manager (IM) Identity Portal.

Example

Request

GET /sigma/rest/public/available?v=1550076277892 HTTP/1.1

Response

HTTP/1.1 200 OK
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Powered-By: Undertow/1
Server: WildFly/8
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
X-FRAME-OPTIONS: SAMEORIGIN
Date: Wed, 13 Feb 2019 16:44:38 GMT
Connection: close
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Type: application/json;charset=UTF-8
Content-Length: 60

{"available":true,"showPortalLoginPage":true,"version":"72"}

Environment

Identified in Release : 14.2 CP5

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

The SAMEORIGIN directive ("X-FRAME-OPTIONS: SAMEORIGIN") allows the page to be loaded in a frame on the same origin as the page itself. Returning the header more than once does not cause any functional issues. The behavior is benign.
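
A check for this condition, as an added example that is not part of the original article or the product: it parses a raw HTTP response and reports security headers that are sent more than once, separating identical repeats (the case described here) from repeats whose values differ. The function name, the SINGLETON set and the abridged sample response are constructed for illustration.

```python
from collections import defaultdict

# Headers this check expects once per response (assumption made for this example).
SINGLETON = {"x-frame-options", "x-content-type-options",
             "x-xss-protection", "strict-transport-security"}

# Constructed sample, abridged from the response shown in this article.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: WildFly/8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "X-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: application/json;charset=UTF-8\r\n"
    "Content-Length: 60\r\n"
    "\r\n"
    '{"available":true,"showPortalLoginPage":true,"version":"72"}'
)

def repeated_headers(raw_response):
    """Return {name: (values, verdict)} for SINGLETON headers sent more than once.

    verdict is "identical" when every repeat carries the same value and
    "conflicting" when the values differ.
    """
    # Keep only the header block: everything before the first empty line.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    seen = defaultdict(list)
    for line in head.split("\n")[1:]:        # skip the status line
        if ":" not in line:
            continue                          # ignore malformed lines
        name, value = line.split(":", 1)
        # Header names are case-insensitive, so group on the lowercase name.
        seen[name.strip().lower()].append(value.strip())
    report = {}
    for name, values in seen.items():
        if name in SINGLETON and len(values) > 1:
            # Values are compared ignoring case (assumption for these headers).
            same = len({v.lower() for v in values}) == 1
            report[name] = (values, "identical" if same else "conflicting")
    return report

if __name__ == "__main__":
    for name, (values, verdict) in repeated_headers(SAMPLE_RESPONSE).items():
        print(f"{name}: sent {len(values)} times, {verdict}: {values}")
```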