SAP Knowledge Base Article - Preview

2542903 - Support of the X-Frame-Options Header ALLOW-FROM property

Symptom

  • You have an application or resource that sets the X-Frame-Options header, as recommended, to prevent clickjacking attacks
  • You have configured the application/web server to include the ALLOW-FROM parameter with the Enterprise Portal domain. Your header is now sent as:
    X-Frame-Options: ALLOW-FROM https://enterpriseportal.company.com/
  • In some browsers, such as Google Chrome, the application or resource still refuses to render inside an iframe


Environment

  • SAP NetWeaver Release independent

Product

SAP NetWeaver all versions

Keywords

x, frame, options, clickjacking, click, jacking, click-jacking, iframe, iframes, frames, frame, allow, from, whitelist, exclude, portal, fiori, server, webkit, web kit, safari, firefox, ie, edge, internet, explorer, microsoft, apple, google, opera, mozilla, android, ios, KBA, EP-PIN-AI, Application Integration, CA-UI2-INT-BE, Please use CA-FLP-ABA, EP-PIN-NAV-FFP, Fiori Framework Page, Problem

About this page

This is a preview of a SAP Knowledge Base Article. The full version is available on SAP ONE Support launchpad (login required).
