How to turn on 'No Frame Filter' in WebVoyage to prevent clickjacking
Overview
- The 'No Frame Filter' option in WebVoyage determines whether WebVoyage can be displayed in an iframe.
- Configuring 'No Frame Filter' to "DENY" secures WebVoyage against iframe-related vulnerabilities, e.g. "Clickjacking".
- Third-party security scans may identify WebVoyage as being vulnerable to "Clickjacking" and may recommend configuring the "X-Frame-Options" header. However, if the 'No Frame Filter' option is configured to DENY, this is unnecessary and the finding is a false positive.
Goal
- Configure the 'No Frame Filter' for WebVoyage
- Alter the mode parameter value for 'No Frame Filter' in web.xml
First Step
Log in to the Voyager server and open the WebVoyage web.xml file in a text editor. This file is located at: /m1/voyager/xxxdb/tomcat/vwebv/context/vwebv.
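
To confirm the mode value before and after editing, the following added example (not part of the original article or the vendor's tooling) parses a web.xml and reports every filter that carries a 'mode' init-param whose value is not DENY. The filter name, filter class and non-DENY value in the embedded sample are constructed placeholders; the layout assumed is the standard servlet filter/init-param structure.

```python
import xml.etree.ElementTree as ET

# Constructed sample input. Filter names, classes and the non-DENY value are
# hypothetical placeholders, not copied from a real WebVoyage web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <filter>
    <filter-name>ExampleNoFrameFilter</filter-name>
    <filter-class>example.NoFrameFilter</filter-class>
    <init-param>
      <param-name>mode</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>ExampleEncodingFilter</filter-name>
    <filter-class>example.EncodingFilter</filter-class>
  </filter>
</web-app>
"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or None if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def filter_modes(web_xml_text):
    """Return {filter-name: mode} for each filter with a 'mode' init-param."""
    modes = {}
    for flt in ET.fromstring(web_xml_text).iter():
        if local(flt.tag) != "filter":
            continue
        for param in flt:
            if local(param.tag) == "init-param" and child_text(param, "param-name") == "mode":
                modes[child_text(flt, "filter-name")] = child_text(param, "param-value")
    return modes

def not_deny(web_xml_text):
    """Names of filters whose mode is anything other than DENY."""
    return sorted(n for n, m in filter_modes(web_xml_text).items()
                  if (m or "").upper() != "DENY")

if __name__ == "__main__":
    print("modes:", filter_modes(SAMPLE_WEB_XML))
    print("not set to DENY:", not_deny(SAMPLE_WEB_XML))
```

To check a live server, pass the contents of the real web.xml to not_deny() in place of the sample string; an empty result means every 'mode' parameter found is DENY.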