X-FRAME-OPTIONS: SAMEORIGIN appears twice
Article ID: 190514
Updated On:
Products
CA Identity Manager
CA Identity Portal
CA Identity Suite
Issue/Introduction
The X-FRAME-OPTIONS: SAMEORIGIN Header entry is returned twice on some requests to the CA Identity Manager (IM) Identity Portal.
Example
Request
GET /sigma/rest/public/available?v=1550076277892 HTTP/1.1 |
Response
HTTP/1.1 200 OK |
Expires: 0 |
Cache-Control: no-cache, no-store, max-age=0, must-revalidate |
X-Powered-By: Undertow/1 |
Server: WildFly/8 |
X-XSS-Protection: 1; mode=block |
Pragma: no-cache
|
X-FRAME-OPTIONS: SAMEORIGIN
|
X-FRAME-OPTIONS: SAMEORIGIN
|
Date: Wed, 13 Feb 2019 16:44:38 GMT |
Connection: close
|
X-Content-Type-Options: nosniff
|
Strict-Transport-Security: max-age=31536000 ; includeSubDomains |
Content-Type: application/json;charset=UTF-8 |
Content-Length: 60{"available":true,"showPortalLoginPage":true,"version":"72"} |
Environment
Identified in Release : 14.2 CP5
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Resolution
The sameorigin directive ("X-FRAME-OPTIONS: SAMEORIGIN") allows the page to be loaded in a frame on the same origin as the page itself. Having multiple instances does not cause any functional issues. The behavior is benign.
Feedback
Yes
No
Powered by
