开发者

How to Restrict a SAML 302 Redirect to an IFRAME?

Is it possible to load content within an IFRAME that subsequently returns a 302 redirect, without having it redirect the entire browser window to the destination? I.e. limit the redirect to the IFRAME itself? If so, how?

EDIT1: To restate... i have an 开发者_C百科IFRAME, the source of which is a self-posting FORM. The action returns a 302 to somewhere else. When that happens, the entire page redirects. What i want is to have ONLY the IFRAME redirect, leaving the surrounding page alone.

EDIT2: To clarify further, this is an SSO SAML implementation. The IFRAME content should contain the newly signed-into application. The SSO is working correctly but the entire browser page redirects into the application, losing the containing page. The SAML aspect may not change the diagnosis that the application is "frame-busting," but it may trigger some other ideas.


It's impossible not to limit a 302 redirect to the iframe itself. An HTTP redirect occuring inside an iframe will never affect the containing page. What you're asking for is already the only behaviour you will see.

There's probably a frame busting script on the redirect target page. It's difficult to prevent an iframe from breaking out, but there are tricks to deal with that too.


I bet you are dealing with a JavaScript-based "Frame buster" on the redirection target page's end. You would have to switch that off, or have it switched off.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜