keycloak-aplcache

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
index 4448aa1..acd95bb 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
@@ -17,13 +17,19 @@
 
 package org.keycloak.protocol.oidc.endpoints;
 
+import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.keycloak.Config;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.utils.RedirectUtils;
 import org.keycloak.common.util.StreamUtil;
 import org.keycloak.common.util.UriUtils;
+import org.keycloak.saml.common.util.StringUtil;
+import org.keycloak.services.validation.Validation;
+import org.keycloak.theme.Theme;
+import org.keycloak.theme.ThemeProvider;
 
 import javax.ws.rs.GET;
 import javax.ws.rs.Produces;
@@ -41,10 +47,14 @@ import java.io.InputStream;
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
 public class LoginStatusIframeEndpoint {
+    private static final Logger logger = Logger.getLogger(LoginStatusIframeEndpoint.class);
 
     @Context
     private UriInfo uriInfo;
 
+    @Context
+    protected KeycloakSession session;
+
     private RealmModel realm;
 
     public LoginStatusIframeEndpoint(RealmModel realm) {
@@ -95,15 +105,32 @@ public class LoginStatusIframeEndpoint {
             throw new WebApplicationException(Response.Status.BAD_REQUEST);
         }
 
+        ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
+        Theme theme;
+        try {
+            theme = themeProvider.getTheme(realm.getLoginTheme(), Theme.Type.LOGIN);
+        } catch (IOException e) {
+            logger.error("Failed to create theme", e);
+            return Response.serverError().build();
+        }
+
         try {
             String file = StreamUtil.readString(is);
             file = file.replace("ORIGIN", origin);
 
+            Response.ResponseBuilder response = Response.ok(file);
+
+            String p3pValue = theme.getProperties().getProperty("sessionIframeP3P");
+            if (!Validation.isBlank(p3pValue)) {
+                // This header is required by IE, see KEYCLOAK-2828 for details.
+                response.header("P3P", p3pValue);
+            }
+
             CacheControl cacheControl = new CacheControl();
             cacheControl.setNoTransform(false);
             cacheControl.setMaxAge(Config.scope("theme").getInt("staticMaxAge", -1));
 
-            return Response.ok(file).cacheControl(cacheControl).build();
+            return response.cacheControl(cacheControl).build();
         } catch (IOException e) {
             throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
         }

diff --git a/themes/src/main/resources/theme/base/login/theme.properties b/themes/src/main/resources/theme/base/login/theme.properties
index 27f59f5..23e89f9 100644
--- a/themes/src/main/resources/theme/base/login/theme.properties
+++ b/themes/src/main/resources/theme/base/login/theme.properties
@@ -1 +1,2 @@
-locales=ca,de,en,es,fr,it,pt-BR
\ No newline at end of file
+locales=ca,de,en,es,fr,it,pt-BR
+sessionIframeP3P=CP="This is not a P3P policy!"