I am trying to stop any usage of my web app if it is embedded within a frame. But as I employ SS to protect the publicized URL, the first step of user accessing the URL would be they are redirected to the login page.
I append the 'X-Frame-Options' to my redirect response in hope of that would stop the redirecting if called in a frame just to find out that it does not work. It will function as expected if it is not a redirect response. But there seems to me no way I can tell from server side if the request comes from a frame or not.
Can I have some hint/helps on how to achieve the 'no redirecting if called from a frame'? Really appreciate it