SAP Knowledge Base Article - Preview

2389051 - ICF service for Clickjacking Framing Protection is not active

Symptom

When calling a web based application (e.g. Web Dynpro ABAP, BSP, ITS) the following error appears:

  • 500 SAP Internal Server Error
  • ERROR: ICF service for Clickjacking Framing Protection is not active.  (termination: ERROR_MESSAGE_STATE)
  • /sap/public/bc/bsp/Design2008/themes/themename/ net::ERR_ABORTED 403 (Forbidden)
  • /sap/public/bc/uics/.../ClickjackingFramingProtection.js net::ERR_ABORTED 403 (Forbidden)


Read more...

Environment

  • SAP NetWeaver
  • Protection against Clickjacking attacks is activated 
  • Web Dynpro ABAP
  • SAP NetWeaver Application Server for SAP S/4HANA
  • ABAP PLATFORM - Application Server ABAP

Product

ABAP platform all versions ; SAP NetWeaver Application Server for ABAP for SAP S/4HANA Cloud all versions ; SAP NetWeaver all versions

Keywords

clickjacking, SICF, 403, inactive, activate, SAP Internal Server Error, UI redressing attack, Framing Protection, Framing, IFrame, UI Redressing, X-FRAME-OPTIONS, ICF-Service für ClickJacking-Framing-Protection ist inaktiv, cannot be processed in plugin mode HTTP, 031, WEBDYNPRO_RT, WDA_GDPR, forbidden, net::ERR_ABORTED, allowlist, includelist, prefer list, design2008, bsp, its, WDA, Web Dynpro ABAP, dynpro, 500 Internal Server Error, dbacockpit, dba cockpit, 500, not active , KBA , webgui , whitelist , e webdynpro_rt 031 , http_whitelist , BC-WD-ABA , Web Dynpro ABAP , BC-FES-WGU , SAP GUI for HTML , BC-FES-ITS , SAP Internet Transaction Server , BC-WD-UR , Unified Rendering , BC-MID-ICF , Internet Communication Framework , BC-FES-BUS , Netweaver Business Client , BC-BSP , Business Server Pages , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.