Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

AEM - Marketo Integration

harishred
Level 2
Level 2

Hello all,

So I started configuring AEM-Marketo connector and ended up with below issue

Screen Shot 2020-04-17 at 4.12.50 PM.png

 

 

 

 

 

 

 

 

 

 

 

Then I started with security checklist and found that x-frame-options is set to sameorigin.

https://docs.adobe.com/content/help/en/experience-manager-dispatcher/using/getting-started/security-...

 

/system/console/configMgr/org.apache.sling.engine.impl.SlingMainServlet

So in-order to solve this I have below options to deal with clickjacking:

  1. Remove the X-frame-options header from slingmainservlet
  2. Install third party plugins on client machines similar to this or this -- this is not recommend for obvious reasons as this is a third party and we are installing on clients machine which will have access to user data
  3. Install legacy browser and use directive ALLOW-FROM  -- If you apply it and the browser does not support it, then you will have NO clickjacking defense in place. So a big NOPE

I couldn’t think of any other options unfortunately. Adobe amazes me everyday, they tell us about all these awesome security recommendations and they themselves never follow it, why even give a connector which works only as an iframe..

Browser: Firefox v75.0

AEM 6.5.2

Marketo Engage - latest (SAAS)

 

Any suggestions on how to address this issue.

 

Harish

 

6.5 Marketo Security
0 Replies