Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
Learn More
SOLVED

Adding X-FRAME-OPTIONS to response on AEM 6.2

Avatar

Level 2
Level 2
3/10/17 7:42:31 AM

Hi guys, 

In AEM 6.2 release notes it says AEM has capability of adding X-FRAME-OPTIONS to response headers.

This is what is in docs:

  • Added configurable X-FRAME-OPTIONS header to avoid click-jacking

The documentation doesnt state where that can be configured.

Where can I configure that? On OSGI?

Thanks.        

Views

9.2K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
3/14/17 6:04:41 AM

Hi guys, 

Follows what Adobe responded:

Could you please open this page [1] and review the property "Additional response headers"? Add the value "X-Frame-Options=SAMEORIGIN" and validate.

            Let me know if you have any question.

            [1] http://<host>:<port>/system/console/configMgr/org.apache.sling.engine.impl.SlingMainServlet

Also , an image of the configuration:

https://www.screencast.com/t/1Tf6AAZGaAG

Hope that helps community.

Tks.

View solution in original post

Views

5.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 10
Level 10
3/13/17 8:40:44 AM

I found this:

To prevent clickjacking we recommend that you configure your webserver to provide the X-FRAME-OPTIONS HTTP header set to SAMEORIGIN.

For more information on clickjacking please see the OWASP site.

Which points to https://www.owasp.org/index.php/Clickjacking

Looks like this is configured at the web server level. 

Views

5.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
3/13/17 8:54:22 AM

Thanks Scott.

I will file a ticket and check the right approach.

Rgds,    

Views

5.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Administrator
Administrator
3/14/17 2:07:49 AM

Hi 

Please do Share this this the community for future references.

~kautuk



Kautuk Sahni

Views

5.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 2
Level 2
3/14/17 6:04:41 AM

Hi guys, 

Follows what Adobe responded:

Could you please open this page [1] and review the property "Additional response headers"? Add the value "X-Frame-Options=SAMEORIGIN" and validate.

            Let me know if you have any question.

            [1] http://<host>:<port>/system/console/configMgr/org.apache.sling.engine.impl.SlingMainServlet

Also , an image of the configuration:

https://www.screencast.com/t/1Tf6AAZGaAG

Hope that helps community.

Tks.

Views

5.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 3
Level 3
9/7/17 5:30:39 AM

Hi,

I have followed the instructions updated by you. But AEM still shows warn message in Operations Dashboard.

Kindly let me know if I need to configure else where in AEM to close this warn message in Operations Dashboard.

1294222_pastedImage_0.png

Note: I'm using AEM 6.1 with SP2 + CFP9

Thanks and Regards,

Ruben Fernando

Views

6.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to fetch multifield item's content from the below JSON in junits Solved

Views

72

Likes

0

Replies

3
How to access aem API for outside user . Solved

Views

108

Likes

0

Replies

3
How can I add localized descriptions to tags in the Tagging Edit page in AEM Solved

Views

77

Likes

0

Replies

3
Context Aware Config Issue | Page reloads on initial selection of Path Browser, preventing value selection

Views

35

Likes

0

Replies

1
Getting error if i point to same repository of blob from different instance

Views

42

Likes

0

Replies

0