From version 8.0 Cloud Access Manager sets the X-Frame-Options header by default for all proxy applications. Page will not load. (4285659)

立即与支持人员聊天

反馈已提交

本文是否解决了您的问题？

选择评级

标题

From version 8.0 Cloud Access Manager sets the X-Frame-Options header by default for all proxy applications. Page will not load.
说明

From Cloud Access Manager v8.0 the X-Frame-Options header is now set for all proxy applications by default; this stops them from being loaded into iframes in other sites/applications except where both the site and iframe content come from the SAMEORIGIN (full details can be found here: http://tools.ietf.org/html/rfc7034). This can affect bespoke portal content where iframe content is hosted from a different server to the main portal e.g. the Office Webapps server farm for SharePoint 2013.
原因

Code change. The change was made to protect Cloud Access Manager applications against Cross-Site Scripting attacks (XSS).
解决办法

To disable setting the X-Frame-Options header for a particular application and allow it to be loaded in an iframe on another application page, please do the following:
1 - Go to Admin UI Page
2 - Select Settings > Tune the Cloud Access Manager Proxy
3 - Add the following proxy property:
Property name: cam.disableAddingXFrameOptionsHeader
Value: true
Enabled: On
Application: set to the app that is loaded within an iframe of another app

反馈已提交

本文是否解决了您的问题？

选择评级

建议的内容

标题