SAP Knowledge Base Article - Preview

2542903 - Support of the X-Frame-Options Header ALLOW-FROM property

Symptom

  • You have an application or resource that sets the X-Frame-Options header, as recommended, to prevent clickjacking attacks
  • You have configured the application/web server to include the ALLOW-FROM parameter with the Enterprise Portal domain. Your header is now sent as:
    X-Frame-Options: ALLOW-FROM https://enterpriseportal.company.com/
  • In some browsers, such as Google Chrome, the application or resource still refuses to render inside an iframe
      



Environment

  • SAP NetWeaver Release independent

Product

SAP NetWeaver all versions

Keywords

x, frame, options, clickjacking, click, jacking, click-jacking, iframe, iframes, frames, frame, allow, from, allowlist, exclude, portal, fiori, server, webkit, web kit, safari, firefox, ie, edge, internet, explorer, microsoft, apple, google, opera, mozilla, android, ios, KBA, whitelist, EP-PIN-AI, Application Integration, CA-UI2-INT-BE, Please use CA-FLP-ABA, EP-PIN-NAV-FFP, Fiori Framework Page, Problem

About this page

This is a preview of a SAP Knowledge Base Article.