x-frames-options does not permit framing

Adrien Pery

Sep 18, 2019, 9:42:31 AM
to cas-...@apereo.org
Hi,

I am on CAS v6.1.0 RC4. Everything works fine, but I want to allow
iframe for a specific service.
Is it possible?

I read
https://apereo.github.io/cas/6.0.x/configuration/Configuration-Properties.html#http-web-requests
https://apereo.github.io/cas/6.0.x/services/Configuring-Service-Http-Security-Headers.html

If I put "cas.httpWebRequest.header.xframeOptions=ALLOWALL" in my
cas.properties it's OK, iframe is allowed for all services, but is it
possible to allow only a specific service?

I tried to add something like this in my service:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https?://toto.uang/.*",
  "name" : "toto",
  "id" : 100501,
  "description" : "toto",
  "properties" : {
    "@class" : "java.util.HashMap",
    "httpHeaderXFrameOptions" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "ALLOWALL" ] ]
    }
  }
}

I tried different properties/values but it does not work.

Does someone know how to allow a specific service? (if it's possible)

Thank you
--
Adrien
