  • Ex Libris Knowledge Center

    Clickjacking Prevention

    Preventing Clickjacking

    To control iFrame embedding options, you must have the following role:
    • General System Administrator

    Clickjacking is an attack that tricks users by showing them an innocuous page that includes real controls from sensitive pages. These controls are disguised through the use of background frames that mask off everything except the control, and the user cannot tell that they are actually clicking on a sensitive function on some other website. This can cause users to unwittingly download malware, provide credentials or sensitive information, transfer money, or purchase products online.

    To prevent clickjacking via Ex Libris products, Ex Libris has adopted a policy-based mitigation technique. Institutions can now instruct the browser on the appropriate action to perform if their site is included inside an iFrame.

    Modifying this page may break UI integrations from other products. In case of any doubts as to how to use this page, consult Ex Libris Customer Support.


    To set the actions to perform if your site is included inside an iFrame:
    1. Open the iFrame Embedding Options table (Configuration > General > iFrame Embedding Options). 
    2. For the desired product and component, select Customize in the row actions.

      Alma Management and Esploro Management cannot be framed. This configuration cannot be edited. 

    3. In the Action column, select the appropriate action to perform if your site is included inside an iFrame:
      • Allow all (default option) - Allow all pages to load this page inside an iFrame.
      • Allow protected - Only trusted pages are permitted to load this page inside an iFrame. If you selected this option, indicate the trusted URLs in the Safe Domain column. There is no limit on the number of URLs you can specify; separate multiple URLs with a blank space.
      • Block All - Deny all attempts to frame the page.
    4. Click Save.  
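
After saving, the effect of the selected action can be checked from the response headers of the affected page. The following is an added example, not Ex Libris code: it assumes the action is delivered through the standard Content-Security-Policy frame-ancestors directive and/or the X-Frame-Options header (this page does not state which), and the function names and example.edu hosts are hypothetical.

```python
# Added example, not Ex Libris code. Assumption: the selected action reaches the
# browser as a CSP frame-ancestors directive and/or an X-Frame-Options header.

def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list from one CSP value, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def classify_framing(headers):
    """Map response headers to (action name from the table, allowed sources)."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = parse_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options when both are sent.
        if not sources or [s.lower() for s in sources] == ["'none'"]:
            return "Block All", []
        if "*" in sources:
            return "Allow all", sources
        return "Allow protected", sources
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "Block All", []
    if xfo == "SAMEORIGIN":
        return "Allow protected", ["'self'"]
    return "Allow all", []  # no framing policy: any page may embed this one

def audit(headers, expected_action, safe_domain_column=""):
    """List mismatches between observed headers and the configured table row."""
    action, sources = classify_framing(headers)
    findings = []
    if action != expected_action:
        findings.append(f"action: expected {expected_action}, observed {action}")
    if expected_action == "Allow protected":
        expected = set(safe_domain_column.split())  # blank-separated, as in the table
        for src in sorted(set(sources) - expected):
            findings.append(f"unexpected source allowed to frame: {src}")
        for src in sorted(expected - set(sources)):
            findings.append(f"configured safe domain missing: {src}")
    return findings

# Constructed sample response headers (example.edu hosts are placeholders).
SAMPLE = {"Content-Security-Policy":
          "default-src 'self'; frame-ancestors https://portal.example.edu https://lms.example.edu"}

if __name__ == "__main__":
    print(classify_framing(SAMPLE))
    print(audit(SAMPLE, "Allow protected", "https://portal.example.edu"))
```

An empty result from `audit` means the observed headers match the configured row; a page that returns neither header is classified as Allow all.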