AVEVA™ Work Tasks

Prevent Clickjacking Attack

  • Last Updated: Mar 12, 2021

Clickjacking is a malicious technique that tricks a web user into clicking on something different from what the user perceives they are clicking on. This can reveal the user's confidential information. It is a browser security issue and a vulnerability across a variety of browsers and platforms. The X-Frame-Options header is known to be a good countermeasure against Clickjacking attacks.

AVEVA Work Tasks is secured against Clickjacking attacks because the X-Frame-Options header is set to SAMEORIGIN. SAMEORIGIN means that the page can only be displayed in a frame on the same origin as the page itself.

For custom pages, if the page contains references to other applications, we recommend removing the X-Frame-Options header in the page load event. Use the following command to remove the X-Frame-Options header:

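protected void Page_Load(object sender, EventArgs e)
{
    // Remove the X-Frame-Options header from this page's response
    HttpContext.Current.Response.Headers.Remove("X-Frame-Options");
}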

Alternatively, add the following appSettings key to the Repository web.config file, located in <Installed path>\Web\BPMUITemplates\Default:

<add key="X-Frame-Options_SameOrgin" value="OFF"/>
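
One way to confirm which pages still send the header after either change, as an added example that is not part of the AVEVA documentation: the script classifies X-Frame-Options in raw HTTP response heads and reports pages whose state differs from what was intended. The page paths, sample responses and function names are constructed for illustration.

```python
def make_head(*headers):
    """Build a constructed HTTP response head for the samples below."""
    return "\r\n".join(("HTTP/1.1 200 OK", "Content-Type: text/html") + headers) + "\r\n\r\n"

# Constructed samples; paths and values are illustrative, not from a real installation.
SAMPLES = {
    "/Default.aspx": make_head("X-Frame-Options: SAMEORIGIN"),
    "/Custom/Dashboard.aspx": make_head("x-frame-options: SAMEORIGIN",
                                        "X-Frame-Options: sameorigin"),
    "/Custom/Embed.aspx": make_head(),    # header removed on purpose
    "/Custom/Report.aspx": make_head(),   # header missing, not intended
    "/Custom/Legacy.aspx": make_head("X-Frame-Options: ALLOW-FROM https://portal.example"),
}
EXEMPT = {"/Custom/Embed.aspx"}           # pages meant to be framed by other applications

def xfo_values(raw_head):
    """Return the distinct, lower-cased X-Frame-Options values in a response head."""
    values = set()
    for line in raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # Repeated headers and comma-joined values are handled alike.
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    return values

def classify(raw_head):
    values = xfo_values(raw_head)
    if not values:
        return "missing"
    if values == {"sameorigin"}:
        return "sameorigin"
    if values == {"deny"}:
        return "deny"
    # ALLOW-FROM is obsolete and ignored by current browsers; conflicting
    # or misspelled values also need review.
    return "invalid"

def audit(responses, exempt=()):
    """Return {path: state} for pages whose header state is not the intended one."""
    findings = {}
    for path, raw_head in responses.items():
        state = classify(raw_head)
        intended = state == "missing" if path in exempt else state in ("sameorigin", "deny")
        if not intended:
            findings[path] = state
    return findings

if __name__ == "__main__":
    for path, state in audit(SAMPLES, EXEMPT).items():
        print(f"{path}: X-Frame-Options is {state}")
```
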
