2088904 - System Security: Clickjacking - How to prevent - BizX Platform

SAP Knowledge Base Article - Public

Symptom

  • The Clickjack Filter is an opt-in feature for customers concerned about clickjacking attacks. The filter sets the proper browser response header, which instructs the browser not to allow framing from other domains and to accept only the trusted domain specified in the token.
  • Does SuccessFactors have a way to prevent clickjacking?

Environment

  • BizX Platform

Resolution

Clickjack Filter Configuration

  • The Clickjack Filter is an opt-in feature. Please open a support ticket to have this option enabled in your instance.
  • For customers concerned about clickjacking attacks, this filter sets the proper browser response header, which instructs the browser not to allow framing from other domains and to accept only the trusted domain specified in the token. The token, generated from the customer’s trusted domain, should be appended to the URL when framing the SuccessFactors application.
  • Only Partners of Support can enable this: Provisioning > Company Settings > Enable Clickjacking Filter
  • Same Original Domain Only (not allowing a different trusted domain)
  • Define Trusted Domain (only available for IE 8+ or Firefox 18+ browsers)
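
Once the filter is enabled, its effect can be confirmed by inspecting the response headers. The following is an added example, not SAP code: it assumes the filter emits one of the standard anti-framing headers (X-Frame-Options or Content-Security-Policy frame-ancestors; this article does not name the header), and the function name, sample headers and portal.example.com domain are hypothetical.

```python
# Added example: classify the anti-framing policy carried by HTTP response headers.
# Assumption: the filter uses a standard header; the article does not say which one.

def framing_policy(headers):
    """Return (mode, allowed_origins) for a dict of HTTP response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # Browsers that support CSP frame-ancestors enforce it instead of X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = parts[1:]
            if not sources or sources == ["'none'"]:
                return ("deny", [])
            if "*" in sources:
                return ("unprotected", [])      # wildcard permits any framing site
            if sources == ["'self'"]:
                return ("same-origin", [])
            return ("trusted-domains", [s for s in sources if s != "'self'"])

    xfo = h.get("x-frame-options", "")
    value = xfo.upper()
    if value == "DENY":
        return ("deny", [])
    if value == "SAMEORIGIN":
        return ("same-origin", [])
    if value.startswith("ALLOW-FROM"):
        # ALLOW-FROM is honoured only by older IE and Firefox releases; browsers
        # without support ignore it, so the page stays frameable in those browsers.
        return ("trusted-domain-legacy", xfo.split()[1:2])
    return ("unprotected", [])


# Constructed sample responses (not captured from a real instance).
SAMPLES = {
    "same origin only": {"X-Frame-Options": "SAMEORIGIN"},
    "trusted domain": {"X-Frame-Options": "ALLOW-FROM https://portal.example.com"},
    "csp equivalent": {"Content-Security-Policy":
                       "default-src 'self'; frame-ancestors 'self' https://portal.example.com"},
    "filter not enabled": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:20s} -> {framing_policy(hdrs)}")
```

A result of "unprotected" or "trusted-domain-legacy" on a page that must not be framed by arbitrary sites is the case to raise with Support.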

Keywords

KBA , sf bizx system/platform , sf security , LOD-SF-PLT , Foundational Capabilities & Tools , How To

Product

SAP SuccessFactors HCM Core all versions