0 votes

Our security department has identify a vulnerability on our self service portal that allows cross-site request forgery and clickjacking due to allowing iframes openly. They have asked that we put in place a configuration of SAMEORIGIN or DENY using X-Frame-Options in our Web.config file. Is this ok to do or is there another suggested fix?

I also found this old article but our team was able to put the entire site in an iframe. https://www.adaxes.com/questions/889/adselfservice-security

by (2.3k points)

1 Answer

0 votes
by (289k points)
selected by
Best answer

Helo Mark,

Have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ConfigureWebUI.IframeEmbedding.html. On step 5, select No.

0

Thank you for that...is there any way to keep it on but add the configuration mentioned above?

0

Hello Mark,

Unfortunately, there is no such possibility.

Related questions

0 votes
1 answer

Hi All, I am currently using the 30 day free trial of Adaxes and seeing if we can use it to achieve our method of user provisioning. I am looking into server-side ... variable value within an SQL query Can this be achieved? Any help is much appreciated, Thanks

asked Feb 1 by Lewis (40 points)
0 votes
1 answer

The script create two reports of inactive workstation operating systems. The report is too detailed to run from one of the adaxes reports. Basically how can I set the script up to ... sure How I did this but I can't find it now (probably something simple).

asked Nov 30, 2022 by mightycabal (1.0k points)
0 votes
1 answer

Hi, I am working on making a custom Approval Request notification E-mail, and I'd like to include the Approve and Deny buttons, but I haven't found a way to get ... awaiting-their-approval-s212.htm Do you have any suggestions on how to best generate the URLs?

asked Oct 29 by Martin (150 points)
0 votes
1 answer

Using the powershell module, I know how to create a scheduled task, and also how to bind to a scheduled task that is already known. I also have used code to try creating ... same time as another. These are all one-time tasks and will be removed once executed.

asked Jan 19 by aweight (60 points)
0 votes
1 answer

Hi, we have replaced our local Exchange server with installation of Exchange Management Tools (EMT) installed directly on Adaxes server. And my question is: How can I force ... this is how 'Set External Senders' option looks in Adaxes config Thanks in advance

asked Apr 1, 2023 by KIT (960 points)
3,552 questions
3,242 answers
8,243 comments
547,828 users