- You have an application or resource which will set the X-Frame-Options header as recommended to prevent Clickjacking attacks
- You have configured the application/web server to include the ALLOW-FROM parameter, which will include the Enterprise Portal domain. Your header is now sent as:
X-Frame-Options: ALLOW-FROM https://enterpriseportal.company.com/
- In some browsers, such as Google Chrome the application or resource will still refuse to render inside of an iframe
- SAP NetWeaver Release independent
x, frame, options, clickjacking, click, jacking, click-jacking, iframe, iframes, frames, frame, allow, from, allowlist, exclude, portal, fiori, server, webkit, web kit, safari, firefox, ie, edge, internet, explorer, microsoft, apple, google, opera, mozilla, android, ios , KBA , whitelist , EP-PIN-AI , Application Integration , CA-UI2-INT-BE , Please use CA-FLP-ABA , EP-PIN-NAV-FFP , Fiori Framework Page , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.