AEM - Marketo Integration

Hello all,

So I started configuring the AEM-Marketo connector and ended up with the below issue:

Screen Shot 2020-04-17 at 4.12.50 PM.png

Then I started with the security checklist and found that X-Frame-Options is set to SAMEORIGIN.

https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/getting-started/security-...

/system/console/configMgr/org.apache.sling.engine.impl.SlingMainServlet

So in order to solve this I have the below options to deal with clickjacking:

  1. Remove the X-Frame-Options header from SlingMainServlet
  2. Install third-party plugins on client machines similar to this or this -- this is not recommended for obvious reasons, as this is a third party and we are installing on clients' machines, which will have access to user data
  3. Install a legacy browser and use the ALLOW-FROM directive -- if you apply it and the browser does not support it, then you will have NO clickjacking defense in place. So a big NOPE

I couldn't think of any other options unfortunately. Adobe amazes me every day; they tell us about all these awesome security recommendations and they themselves never follow them. Why even give a connector which works only as an iframe?

Browser: Firefox v75.0

AEM 6.5.2

Marketo Engage - latest (SaaS)

Any suggestions on how to address this issue?

Harish
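
The reasoning behind options 1 and 3 above, modelled as an added example (not part of the original post, and not Adobe or Marketo code): a simplified browser framing decision for `X-Frame-Options`, which also goes beyond the post by including the CSP `frame-ancestors` directive that current browsers enforce in preference to `X-Frame-Options`. The origins and the `supportsAllowFrom` flag are constructed assumptions; only the immediate parent and exact origin matches are modelled.

```javascript
// Added example: simplified model of how a browser decides whether a response
// may be rendered inside an iframe. Origins are constructed placeholders.
const FRAMED = 'https://aem.example.com';       // origin that sends the headers
const PARENT = 'https://marketo.example.com';   // origin that should be allowed to embed it
const OTHER  = 'https://untrusted.example.net'; // any other embedding origin

// headers: object keyed by lowercase header name.
// supportsAllowFrom: true models a legacy browser that honours ALLOW-FROM.
function framingAllowed(headers, framedOrigin, parentOrigin, supportsAllowFrom) {
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
    // Simplification: only 'none', 'self' and exact origins are matched.
    return directive.slice(1).some(src =>
      (src === "'self'" && parentOrigin === framedOrigin) || src === parentOrigin);
  }
  const xfo = (headers['x-frame-options'] || '').trim();
  const upper = xfo.toUpperCase();
  if (upper === 'DENY') return false;
  if (upper === 'SAMEORIGIN') return parentOrigin === framedOrigin;
  if (upper.startsWith('ALLOW-FROM') && supportsAllowFrom) {
    return new URL(xfo.slice('ALLOW-FROM'.length).trim()).origin === parentOrigin;
  }
  // No header, or a value this browser does not recognise: nothing restricts framing.
  return true;
}

// For each header choice, report whether the intended parent and an unrelated
// origin can frame the page in a browser without ALLOW-FROM support.
function compare() {
  const policies = {
    sameorigin:     { 'x-frame-options': 'SAMEORIGIN' },           // current setting in the post
    headerRemoved:  {},                                            // option 1
    allowFrom:      { 'x-frame-options': `ALLOW-FROM ${PARENT}` }, // option 3
    frameAncestors: { 'content-security-policy': `frame-ancestors 'self' ${PARENT}` },
  };
  const out = {};
  for (const [name, headers] of Object.entries(policies)) {
    out[name] = {
      parent: framingAllowed(headers, FRAMED, PARENT, false),
      other:  framingAllowed(headers, FRAMED, OTHER, false),
    };
  }
  return out;
}
```

In the `compare()` result, `allowFrom` and `headerRemoved` are indistinguishable on a browser without ALLOW-FROM support: both let the unrelated origin frame the page.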

 
