We already support an anti-clickjacking filter; this should be available in 8.1 SP2.
Refer to the following commented section in the Mid-Tier web.xml:
<!-- CLICKJACKING FILTER
     Default value for mode is SAMEORIGIN
     SAMEORIGIN = Allow Midtier pages to be framed by pages from the same domain.
     DENY = Dont allow Midtier pages to be framed
     ALLOW-FROM URL = Allows Midtier to be framed by pages from a specific URL -->
<!-- <filter>
    <filter-name>CLICKJACKFILTER</filter-name>
    <filter-class>com.remedy.arsys.support.ClickJackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CLICKJACKFILTER</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->
The CLICKJACKFILTER needs to be uncommented in the Mid-Tier web.xml. The Mid-Tier
web.xml should then be saved and Mid-Tier restarted for the protection to
take effect.
Thx & Regards
--- Abhijit Rajwade
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
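
Added example, not part of the original post and not BMC code: a Python check that reports whether the CLICKJACKFILTER in a Mid-Tier web.xml is actually active, meaning uncommented and mapped to a URL pattern, and which mode it uses. The function names, the web-app wrapper with its namespace, and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "CLICKJACKFILTER"  # filter-name from the web.xml snippet above

def _local(tag):
    # Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or None
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def clickjack_filter_status(web_xml_text):
    """Return (active, mode, url_patterns) for the clickjacking filter.

    ElementTree discards XML comments, so a filter still wrapped in
    <!-- ... --> is reported as absent.
    """
    defined, mode, patterns = False, None, []
    for elem in ET.fromstring(web_xml_text):
        if _text(elem, "filter-name") != FILTER_NAME:
            continue
        if _local(elem.tag) == "filter":
            defined, mode = True, "SAMEORIGIN"  # default per the web.xml comment
            for p in elem:
                if _local(p.tag) == "init-param" and _text(p, "param-name") == "mode":
                    mode = _text(p, "param-value")
        elif _local(elem.tag) == "filter-mapping":
            patterns += [(c.text or "").strip() for c in elem
                         if _local(c.tag) == "url-pattern"]
    # Declared but unmapped means the filter never runs on any request.
    return (defined and bool(patterns), mode, patterns)

# Constructed sample input; the web-app wrapper and xmlns are assumptions.
FILTER_XML = """<filter>
  <filter-name>CLICKJACKFILTER</filter-name>
  <filter-class>com.remedy.arsys.support.ClickJackFilter</filter-class>
  <init-param><param-name>mode</param-name><param-value>DENY</param-value></init-param>
</filter>
<filter-mapping>
  <filter-name>CLICKJACKFILTER</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>"""
WRAP = '<web-app xmlns="http://java.sun.com/xml/ns/javaee">%s</web-app>'
AS_SHIPPED = WRAP % ("<!-- " + FILTER_XML + " -->")
UNCOMMENTED = WRAP % FILTER_XML
```

Calling clickjack_filter_status() on the contents of the deployed web.xml after the edit confirms that the filter was uncommented and mapped before Mid-Tier is restarted.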