Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Esploro

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Esploro
    3. Product Documentation
    4. Esploro Online Help (English)
    5. Ongoing Maintenance and Administration
    6. Clickjacking Prevention

    Clickjacking Prevention

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Preventing Clickjacking
    2. Additional References

    Preventing Clickjacking

    To control iFrame enbedding options, you must have the following role:
    • General System Administrator

    Clickjacking is an attack that tricks users by showing them an innocuous page that includes real controls from sensitive pages. These controls are disguised through the use of background frames that mask off everything except the control, and the user cannot tell that they are actually clicking on a sensitive function on some other website. This can cause users to unwittingly download malware, provide credentials or sensitive information, transfer money, or purchase products online.

    To prevent clickjacking via ExLibris products, ExLibris has adopted a policy-based mitigation technique. Now institutions can instruct the browser about appropriate actions to perform if their site is included inside an iFrame.

    Modifying this page may break UI integrations from other products. In case of any doubts as to how to use this page, consult Ex Libris Customer Support.

     

    To set the actions to perform if your site is included inside an iFrame:
    1. Open the iFrame Embedding Options table (Configuration > General > iFrame Embedding Options). 
    2. For the desired product and component, select Customize in the row actions.

      Alma Management and Esploro Management cannot be framed. This configuration cannot be edited. 

    3. In the Action column, select the appropriate action to perform if your site is included inside an iFrame:
      • Allow all (default option) -  Allow all pages to load this page inside an iFrame.
      • Allow protected - Only trusted pages are permitted to load this page inside an iFrame. If you selected this option, in the Safe Domain column indicate the trusted URLs (no limit on the number of URLs you can specify, list multiple URLs with a blank space between them).
      • Block All - Deny all attempts to frame the page.
    4. Click Save.  

    Additional References

    • Ongoing Maintenance and Administration in Esploro
    • Esploro Integration
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Supporting LDAP in the Esploro Research Hub
      • Configuring Cloud Apps
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
      Product
      Esploro
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved