CHANGELOG.md

+# [18.6.0](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.5...v18.6.0) (2024-07-17)
+
+
+### Features
+
+* set x-frame-options to sameorigin instead to deny ([f1da552](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/f1da5522abc004f4608b951459fdb7ec89d72aa7))
+
 ## [18.5.5](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.4...v18.5.5) (2024-07-16)
 
 

perun-oidc-server-webapp/pom.xml

@@ -21,7 +21,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.5</version>
+		<version>18.6.0</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml

@@ -134,6 +134,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:access-denied-handler ref="oauthAccessDeniedHandler" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Userinfo endpoint -->
@@ -147,6 +150,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:expression-handler ref="oauthWebExpressionHandler" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Introspection endpoint -->
@@ -163,6 +169,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Dynamic registration endpoint -->
@@ -176,6 +185,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:expression-handler ref="oauthWebExpressionHandler" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Revocation endpoint -->
@@ -192,6 +204,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Device endpoint -->
@@ -209,6 +224,9 @@
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:access-denied-handler ref="oauthAccessDeniedHandler" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- JWK endpoint -->
@@ -221,6 +239,9 @@
         <security:custom-filter ref="logRequestFilter" after="FIRST"/>
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- Well-known -->
@@ -233,6 +254,9 @@
         <security:custom-filter ref="logRequestFilter" after="FIRST"/>
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!--Static resources -->
@@ -244,6 +268,9 @@
         <security:custom-filter ref="mdcFilter" before="FIRST"/>
         <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <!-- GUI -->
@@ -255,6 +282,9 @@
         <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
         <security:expression-handler ref="oauthWebExpressionHandler" />
         <security:csrf disabled="true"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <security:http auto-config="false"
@@ -284,6 +314,9 @@
         <security:custom-filter ref="samlFilter" after="BASIC_AUTH_FILTER"/>
         <security:custom-filter ref="authProcFilters" before="LAST"/>
         <security:logout logout-url="/saml/logout"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN"/>
+        </security:headers>
     </security:http>
 
     <security:authentication-manager id="clientAuthenticationManager">

perun-oidc-server/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.5</version>
+		<version>18.6.0</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>cz.muni.ics</groupId>
 	<artifactId>perun-oidc-parent</artifactId>
-	<version>18.5.5</version>
+	<version>18.6.0</version>
 	<packaging>pom</packaging>
 
 	<modules>