Hi,
It has come to our knowledge that there is a vulnerability risk in web servers.
We read it in this article.

https://geekflare.com/secure-apache-from-clickjacking-with-x-frame-options/

In Apache this is fixed in the file httpd.conf by adding the following line to
the file.
Header always append X-Frame-Options SAMEORIGIN

But we run Tomcat 7 and have found out that httpd.conf is not used there.

What we did find was this. Not sure, though, that it is the right solution.
Add this in file web.xml: 

<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <!-- HttpHeaderSecurityFilter ships with Tomcat 7.0.63 and later; its settings are
       init-params, not direct child elements, and the filter only runs once mapped -->
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>antiClickJackingEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>
  <async-supported>true</async-supported>
</filter>
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

We run Midtier Version 8.1.SP02 Patch 001 201510061543 Hotfix.

Anyone who knows more about how to solve it?

Best regards,
Janne
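
A check for the result, added here as an example; it is not part of the original post and not Tomcat or Mid Tier code. Once the filter is deployed, fetch a page and confirm that exactly one X-Frame-Options header comes back with the value DENY or SAMEORIGIN. The function flags a missing header, a duplicated header (for instance Tomcat plus an Apache reverse proxy both setting it), a comma-joined value such as "SAMEORIGIN, SAMEORIGIN" that Apache's Header append produces on top of the filter, and ALLOW-FROM, which modern browsers ignore. The sample responses are constructed, and the URL passed to check_url is a placeholder for your own Mid Tier address.

```shell
#!/bin/sh
# Added example (not from the original post or from Tomcat): verify that a
# response carries exactly one X-Frame-Options header set to DENY or SAMEORIGIN.

# check_clickjacking_headers RAW_HEADERS
# Returns 0 when exactly one X-Frame-Options header is present with the value
# DENY or SAMEORIGIN (case-insensitive). Returns 1, with the reason on stderr,
# when the header is missing, duplicated, or carries any other value.
check_clickjacking_headers() {
    # strip CRs, pick X-Frame-Options lines, upper-case and trim the value
    values=$(printf '%s\n' "$1" | tr -d '\r' | awk -F': *' '
        tolower($1) == "x-frame-options" {
            v = toupper($2); sub(/[ \t]+$/, "", v); print v
        }')
    count=$(printf '%s\n' "$values" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no X-Frame-Options header" >&2
        return 1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL: $count X-Frame-Options headers: $(echo $values)" >&2
        return 1
    fi
    case "$values" in
        DENY|SAMEORIGIN) echo "OK: X-Frame-Options: $values"; return 0 ;;
        *) echo "FAIL: unexpected X-Frame-Options value '$values'" >&2; return 1 ;;
    esac
}

# check_url URL: GET the page, discard the body, check the response headers.
# Needs network access; the URL is a placeholder for your own Mid Tier.
check_url() {
    check_clickjacking_headers "$(curl -sS -D - -o /dev/null "$1")"
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Type: text/html;charset=UTF-8\r\n')
SAMPLE_MISSING=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Type: text/html;charset=UTF-8\r\n')
SAMPLE_DUP=$(printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nX-Frame-Options: DENY\r\n')

check_clickjacking_headers "$SAMPLE_OK"
check_clickjacking_headers "$SAMPLE_DUP" || :
# check_url https://midtier.example.com/arsys/   # placeholder URL, needs network
```

Run it against the real server with check_url once the web.xml change is in place. The hstsEnabled setting adds Strict-Transport-Security only on HTTPS responses, so a plain http:// request will not show that header even when the filter is working.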

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Reply via email to