I'm attempting to migrate an angular application across from Auth0 to FusionAuth. I am using angular-oauth2-oidc library to replace the Auth0 library. The issue I am having is using implicit flow and the silent refresh option. The Fusionauth server seems to deny X-Frame-Options, so silent refresh will not work. Auth0 had an option to allow X-Frame-Options in the library, but I can't find whereabouts to allow this in FusionAuth. I have added X-Frame-Options in the allowed headers of the CORS setting, but this does not seem to make a difference. Any ideas appreciated. I realise Implicit Flow is not considered best practice, however I'm trying not to rewrite the entire auth service in the angular application.
D
Posts made by dane.roe
-
X-Frame-Options and silent refresh