From version 8.0 Cloud Access Manager sets the X-Frame-Options header by default for all proxy applications. Page will not load. (4285659)

Converse agora com nosso suporte

Voltar

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Título

From version 8.0 Cloud Access Manager sets the X-Frame-Options header by default for all proxy applications. Page will not load.
Descrição

From Cloud Access Manager v8.0 the X-Frame-Options header is now set for all proxy applications by default; this stops them from being loaded into iframes in other sites/applications except where both the site and iframe content come from the SAMEORIGIN (full details can be found here: http://tools.ietf.org/html/rfc7034). This can affect bespoke portal content where iframe content is hosted from a different server to the main portal e.g. the Office Webapps server farm for SharePoint 2013.
Causa

Code change. The change was made to protect Cloud Access Manager applications against Cross-Site Scripting attacks (XSS).
Resolução

To disable setting the X-Frame-Options header for a particular application and allow it to be loaded in an iframe on another application page, please do the following:
1 - Go to Admin UI Page
2 - Select Settings > Tune the Cloud Access Manager Proxy
3 - Add the following proxy property:
Property name: cam.disableAddingXFrameOptionsHeader
Value: true
Enabled: On
Application: set to the app that is loaded within an iframe of another app

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Conteúdo recomendado

Título