Bug
Resolution: Done
Critical
RH-SSO-7.0.0.GA, RH-SSO-7.1.0.GA
None
Clickjacking Section:
Customer question via Customer Support:
I believe there is an error in your documentation in this screenshot.
(screenshot is attached)
"You set the X-Frame-Options to "SAMEORIGIN https://www.google.com"
This is not defined as being a valid HTTP Header, and therefore the browser will most likely ignore it.
Could you please validate or not my question. If this setting is indeed valid, could you give me the necessary information which describes it as being a valid HTTP Header?"
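
The header value quoted in the question, checked against the X-Frame-Options grammar of RFC 7034 (DENY, SAMEORIGIN, or ALLOW-FROM followed by one origin). This is an added example, not part of the ticket or of the RH-SSO documentation; the function names `parse_xfo` and `csp_equivalent` are hypothetical.

```python
from urllib.parse import urlsplit


def parse_xfo(value):
    """Parse an X-Frame-Options value per RFC 7034.

    Returns (directive, origin) for a well-formed value, or None for a
    value a browser would treat as invalid and ignore.
    """
    tokens = value.strip().split()
    if not tokens:
        return None
    directive = tokens[0].upper()  # directive names are case-insensitive
    if directive in ("DENY", "SAMEORIGIN"):
        # These two directives take no argument at all.
        return (directive, None) if len(tokens) == 1 else None
    if directive == "ALLOW-FROM" and len(tokens) == 2:
        u = urlsplit(tokens[1])
        is_origin = (
            u.scheme in ("http", "https")
            and u.hostname
            and "@" not in u.netloc
            and u.path in ("", "/")
            and not u.query
            and not u.fragment
        )
        if is_origin:
            return (directive, f"{u.scheme}://{u.netloc}")
    return None


def csp_equivalent(parsed):
    """Map a parsed value to the Content-Security-Policy frame-ancestors form.

    ALLOW-FROM is not honoured by current browsers, so frame-ancestors is
    the way to name a specific allowed framing origin.
    """
    directive, origin = parsed
    if directive == "DENY":
        return "frame-ancestors 'none'"
    if directive == "SAMEORIGIN":
        return "frame-ancestors 'self'"
    return f"frame-ancestors {origin}"


if __name__ == "__main__":
    for v in ("SAMEORIGIN https://www.google.com", "SAMEORIGIN",
              "ALLOW-FROM https://www.google.com"):
        p = parse_xfo(v)
        print(f"{v!r}: {'valid -> ' + csp_equivalent(p) if p else 'INVALID'}")
```

If the intent is to allow framing by the same origin plus one other site, that is expressed as `Content-Security-Policy: frame-ancestors 'self' https://www.google.com` (an assumption about the intent behind the documented value).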