Skip to main content
ExLibris
Ex Libris Knowledge Center

How to turn on 'No Frame Filter' in WebVoyage to prevent clickjacking

Overview

- The 'No Frame Filter' option in WebVoyage determines if WebVoyage can be displayed with an iframe.

- Configuring 'No Frame Filter' to "DENY" will secure the WebVoyage from iframe related vulnerabilities e.g. "Clickjacking"

- Third-party security scans may idenity WebVoyage as being vulnerable to "Clickjacking"and may recommend configuring the "X-Frame-Options" header, however if the 'No Frame Filter" option is configured to DENY, then this is unneccesary, and is a false-positive.

Goal

- Configure the 'No Frame Filter for WebVoyage

 

- Altered the mode parameter value for 'No Frame Filter' in web.xml

First Step

Log in to the Voyager server and open the WebVoyage web.xml file in a text editor. This file is located at : /m1/voyager/xxxdb/tomcat/vwebv/context/vwebv.

 

  • Was this article helpful?
//Feedback