- You have an application or resource which will set the X-Frame-Options header as recommended to prevent Clickjacking attacks
- You have configured the application/web server to include the ALLOW-FROM parameter, which will include the Enterprise Portal domain. Your header is now sent as:
X-Frame-Options: ALLOW-FROM https://enterpriseportal.company.com/
- In some browsers, such as Google Chrome the application or resource will still refuse to render inside of an iframe
- SAP NetWeaver Release independent
x, frame, options, clickjacking, click, jacking, click-jacking, iframe, iframes, frames, frame, allow, from, allowlist, exclude, portal, fiori, server, webkit, web kit, safari, firefox, ie, edge, internet, explorer, microsoft, apple, google, opera, mozilla, android, ios , KBA , whitelist , EP-PIN-AI , Application Integration , CA-UI2-INT-BE , Please use CA-FLP-ABA , EP-PIN-NAV-FFP , Fiori Framework Page , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.