Symptom
- The Clickjack Filter is an opt-in feature. If a customer is concerned about clickjacking attacks, this filter sets the browser response header that instructs the browser not to allow framing from other domains and to accept only the trusted domain specified in the token.
- Does SuccessFactors have a way to prevent clickjacking?
Environment
- BizX Platform
Resolution
Clickjack Filter Configuration
- The Clickjack Filter is an opt-in feature. Please open a support ticket to have this option enabled in your instance.
- If you are concerned about clickjacking attacks, this filter sets the browser response header that instructs the browser not to allow framing from other domains and to accept only the trusted domain specified in the token. The token, which is generated based on the customer's trusted domain, should be appended to the URL when framing the SuccessFactors application.
- Only Partners or Support can enable this: Provisioning > Company Settings > Enable Clickjacking Filter
  - Same Original Domain Only (Not allowing different trusted domain)
  - Define Trusted Domain (Only available for IE 8+ or Firefox 18+ browsers)
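
Once the filter is enabled, the two options above can be verified from the response headers of a framed page. The following is an added example, not SAP code. The KBA does not name the header, so the sketch assumes the standard anti-framing headers (`X-Frame-Options` and the CSP `frame-ancestors` directive); all hostnames are constructed.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return scheme://host[:port] lowercased, or '' when url is not absolute."""
    p = urlsplit(url.strip())
    return f"{p.scheme}://{p.netloc}".lower() if p.scheme and p.netloc else ""

def framing_policy(headers):
    """Classify response headers as (mode, allowed_sources)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # Where both headers are present, browsers that support CSP enforce
    # frame-ancestors and ignore X-Frame-Options, so check CSP first.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            srcs = [s.lower() for s in parts[1:]]
            if srcs == ["'none'"]:
                return ("deny", [])
            if srcs == ["'self'"]:
                return ("same-origin", [])
            # Normalize absolute sources to origins; keep keywords as-is.
            return ("trusted-domain", [origin(s) or s for s in srcs])
    xfo = h.get("x-frame-options", "").split(None, 1)
    if not xfo:
        return ("unprotected", [])
    token = xfo[0].upper()
    if token == "DENY":
        return ("deny", [])
    if token == "SAMEORIGIN":
        return ("same-origin", [])
    if token == "ALLOW-FROM" and len(xfo) == 2 and origin(xfo[1]):
        return ("trusted-domain", [origin(xfo[1])])
    return ("invalid", [])  # unrecognized value: browsers ignore the header

def may_frame(headers, page_url, parent_url):
    """True if the declared policy lets parent_url frame page_url.
    Only exact-origin sources are matched; CSP wildcards are not handled."""
    mode, srcs = framing_policy(headers)
    if mode in ("unprotected", "invalid"):
        return True
    if mode == "deny":
        return False
    same = origin(parent_url) == origin(page_url)
    if mode == "same-origin":
        return same
    return origin(parent_url) in srcs or ("'self'" in srcs and same)
```

The result reflects the policy the server declares, not what a given browser enforces: `ALLOW-FROM` is an obsolete `X-Frame-Options` value that current browsers ignore, so a "trusted-domain" result that comes only from that header should be confirmed in the browsers your users run.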
Keywords
security, attack, KBA, sf bizx system/platform, sf security, LOD-SF-PLT, Foundational Capabilities & Tools, How To
Product
SAP SuccessFactors HCM Core all versions