
Comments (2)

idc77 commented on June 27, 2024

I've now tested oidc-client-ts with Keycloak, which doesn't set X-FRAME-OPTIONS to DENY and has
keycloak-security

Content-Security-Policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';

I wonder how no one else ever had an issue or has reported any issue with authentik when used in a SPA or PWA.
Is everyone just using confidential clients? In that case of course this issue never surfaces.
Or people just generally don't use oidc and just use this for ready-made apps.

I also wonder why I can't add this application I created with its provider to the default outpost.
Would that fix that problem? No idea.
Likewise, I'm not sure if Go is doing the OIDC serving or if Python is part of that anywhere.
One picks Go for performance and resource usage; when you just have a proxy with Go in front of a Python API, that's quite nonsensical.
But maybe I got it all wrong.

All I know is, oidc-client-ts with authentik can't refresh/renew tokens and I'm getting a timeout and an error in chromium that the request was denied because X-FRAME-OPTIONS is set to DENY, and there is no way I can see that I can add them on a per provider or application basis in authentik.

So for me authentik is unable to perform its purpose.
I'll have to look elsewhere, also because there has been ZERO feedback.


AdamsGH commented on June 27, 2024

It'd be a really good option if we could control X-Frame-Options. I tried to fix my app's refresh for a few hours, but only now realized this is an Authentik problem. As a temporary solution for Chrome - this extension works for me

UPD: For me, increasing the time in the provider settings makes life really better

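The two framing headers compared in this thread, X-Frame-Options and the CSP `frame-ancestors` directive, evaluated the way a browser decides whether an iframe-based renew request may render. This is an added example, not code from the comments or from authentik, Keycloak or oidc-client-ts; the function names are hypothetical and the `example.com` origins are constructed placeholders.

```javascript
// Added example (not project code): will a browser render this response in an
// iframe embedded by `embedderOrigin`? Models one level of embedding only.
function parseFrameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when it is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, framed) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return embedder.origin === framed.origin;
  if (src === "*") return true;
  if (src.endsWith(":")) return embedder.protocol === src; // scheme source
  // Host source: [scheme://][*.]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Scheme-less sources use the framed page's scheme (upgrade matching not modelled).
  if (embedder.protocol !== (scheme ? scheme + ":" : framed.protocol)) return false;
  const hostOk = wildcard ? embedder.hostname.endsWith("." + host) : embedder.hostname === host;
  const effPort = embedder.port || (embedder.protocol === "https:" ? "443" : "80");
  const portOk = port ? port === "*" || port === effPort : embedder.port === "";
  return hostOk && portOk;
}

function framingDecision(headers, embedderOrigin, targetUrl) {
  const embedder = new URL(embedderOrigin);
  const framed = new URL(targetUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = parseFrameAncestors(h["content-security-policy"]);
  if (ancestors !== null) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    const allowed = ancestors.some((s) => sourceMatches(s, embedder, framed));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: embedder.origin === framed.origin, decidedBy: "x-frame-options" };
  return { allowed: true, decidedBy: "none" }; // absent or obsolete ALLOW-FROM
}

// Constructed header sets; the CSP value is the one quoted in the thread.
const KEYCLOAK_LIKE = { "Content-Security-Policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" };
const XFO_DENY = { "X-Frame-Options": "DENY" };
```

Feed it the headers captured from the failing renew request in the browser's network panel to see which header made the decision.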
