Hi guys,
In AEM 6.2 release notes it says AEM has capability of adding X-FRAME-OPTIONS to response headers.
This is what is in docs:
The documentation doesnt state where that can be configured.
Where can I configure that? On OSGI?
Thanks.
Solved! Go to Solution.
Hi guys,
Follows what Adobe responded:
Could you please open this page [1] and review the property "Additional response headers"? Add the value "X-Frame-Options=SAMEORIGIN" and validate.
Let me know if you have any question.
[1] http://<host>:<port>/system/co
Also , an image of the configuration:
https://www.screencast.com/t/1Tf6AAZGaAG
Hope that helps community.
Tks.
I found this:
To prevent clickjacking we recommend that you configure your webserver to provide the X-FRAME-OPTIONS HTTP header set to SAMEORIGIN.
For more information on clickjacking please see the OWASP site.
Which points to https://www.owasp.org/index.php/Clickjacking
Looks like this is configured at the web server level.
Views
Replies
Total Likes
Thanks Scott.
I will file a ticket and check the right approach.
Rgds,
Views
Replies
Total Likes
Hi
Please do Share this this the community for future references.
~kautuk
Views
Replies
Total Likes
Hi guys,
Follows what Adobe responded:
Could you please open this page [1] and review the property "Additional response headers"? Add the value "X-Frame-Options=SAMEORIGIN" and validate.
Let me know if you have any question.
[1] http://<host>:<port>/system/co
Also , an image of the configuration:
https://www.screencast.com/t/1Tf6AAZGaAG
Hope that helps community.
Tks.
Hi,
I have followed the instructions updated by you. But AEM still shows warn message in Operations Dashboard.
Kindly let me know if I need to configure else where in AEM to close this warn message in Operations Dashboard.
Note: I'm using AEM 6.1 with SP2 + CFP9
Thanks and Regards,
Ruben Fernando
Views
Replies
Total Likes
Views
Likes
Replies