for our webpanel-based Online-applications we're experiencing issues with authentication when it comes to the new online2 environments.
It seemingly worked the other day, but now all three environments (SOD2, Stage and Online2) are unable to iframe their respective login page.
Problem happens when f.instance a webpanel in sod2.superoffice.com redirects to sod.superoffice/login for authentication. The loginpage has the X-FRAME-OPTIONS set to SAMEORIGIN, and is thus blocked when iframed in sod2.superoffice.com.
Is this by design? Should we redirect to sod2.superoffice.com/login instead? If so - should we extract the correct host from the netserver_url?