Our security department has identified a vulnerability on our self service portal that allows cross-site request forgery and clickjacking due to allowing iframes openly. They have asked that we put in place a configuration of SAMEORIGIN or DENY using X-Frame-Options in our Web.config file. Is this ok to do or is there another suggested fix?

I also found this old article but our team was able to put the entire site in an iframe. https://www.adaxes.com/questions/889/adselfservice-security

by (2.3k points)

1 Answer

by (305k points)
Best answer
0 votes

Hello Mark,

Have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ConfigureWebUI.IframeEmbedding.html. On step 5, select No.

by (2.3k points)
0

Thank you for that...is there any way to keep it on but add the configuration mentioned above?

by (305k points)
0

Hello Mark,

Unfortunately, there is no such possibility.
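
A way to confirm the result after changing the embedding setting, as an added example that is not part of the original thread and not Adaxes code: it classifies the framing policy a response declares from its headers. It goes beyond the thread by also reading the CSP `frame-ancestors` directive, which browsers honor in preference to X-Frame-Options; the function name and the sample headers are constructed for illustration.

```python
# Added example: classify the anti-framing policy declared by response headers.
# framing_policy() is a hypothetical helper; SAMPLES are constructed, not
# captured from a real portal.

def framing_policy(headers):
    """Return 'deny', 'sameorigin', 'allowlist' or 'unrestricted'."""
    h = {k.lower(): v for k, v in headers.items()}

    # An enforced CSP frame-ancestors directive overrides X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "deny"          # no origin may frame the page
            if sources == ["'self'"]:
                return "sameorigin"    # only the page's own origin
            if "*" in sources:
                return "unrestricted"  # wildcard: any origin may frame it
            return "allowlist"         # specific origins or schemes listed

    # Fall back to X-Frame-Options; only DENY and SAMEORIGIN are honored by
    # current browsers (ALLOW-FROM is ignored), so anything else is no protection.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo.lower()
    return "unrestricted"


# Constructed header sets for illustration.
SAMPLES = {
    "no headers": {},
    "xfo sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://intranet.example"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:22} -> {framing_policy(hdrs)}")
```

Feed it the headers of a real response from the portal; a result of `unrestricted` means any site can still load the page in an iframe.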
