Symptom
A security report or vulnerability scan shows that the X-Frame-Options header is missing for Fiori Launchpad and SAPUI5 apps.
The report suggests setting the header value to X-Frame-Options: SAMEORIGIN.
Environment
SAP NetWeaver AS ABAP with software component SAP_UI 754 or higher
Product
ABAP platform 1809; ABAP platform 1909; ABAP platform 2020; ABAP platform 2021; ABAP platform 2022; ABAP platform 2023; ABAP platform 2025; SAP NetWeaver Application Server for ABAP 7.1; SAP NetWeaver Application Server for ABAP 7.2; SAP enhancement package 1 for SAP NetWeaver Application Server for ABAP 7.1
Keywords
UCON_CHW, HTTP_WHITELIST, Clickjacking, Framing Protection, cross frame scripting vulnerability, /UI2/CL_FLP_HTTP_HANDLER, KBA, CA-FLP-ABA, SAP Fiori Launchpad ABAP Services, BC-WD-ABA, Web Dynpro ABAP, BC-MID-ICF, Internet Communication Framework, How To
SAP Knowledge Base Article - Preview