|
Our latest PCI scan told us we had to the X-frame-options setting to our
apache config in order to prevent clickjacking attacks. Doing so breaks
some services we provide for our own use on other web servers where we need
to show data from our iSeries in a frame on a page. Sharepoint is one such
place where we use an iframe that points to an iSeries URL that returns
html code to be displayed in the frame. In one instance that shows a
student their faculty's office hours and office location. A service we need
to still provide but we x-frame-options set on the iSeries apache server
will deny the request. We looked into the setting on the x-frame-option
that is supposed to allow this to work for a single defined remote server
but not all browsers support that extension and we have 3 different servers
that all use iframes in a similar fashion. One of them is even a cloud
service. The only options we have come up with so far are not great. One
is to replace the iframe with a lin
k that when clicked opens a small window with the data. And another is to
generate the html code once a day for each possible faculty member and send
individual html files to the remote server and have the remote server point
to itself in the iframe
Mike Cunningham
VP of Information Technology Services/CIO
Pennsylvania College of Technology
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.