Failing security scan: Web Application Potentially Vulnerable to Clickjacking
Description
Failing security scan: Web Application Potentially Vulnerable to Clickjacking. Does CAM send the X-Frame-Options HTTP header?
Resolution
The X-Frame-Options header is not set when the user browses to the root of CAM, i.e. https://<hostname>. At that point, however, CAM redirects the user to an actual CAM URL to start the login process, e.g. https://<hostname>/CloudAccessManager/RPSTS/Saml2/Default.aspx
From this point on, the X-Frame-Options: SAMEORIGIN header is set.
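To confirm which hop in the redirect chain the scanner is objecting to, the following added Python example (not part of the original article or of the CAM product) walks a captured chain and reports every response that carries no anti-framing header. The two responses and the <hostname> placeholder are constructed to mirror the behaviour described above, and the check treats a Content-Security-Policy frame-ancestors directive as equivalent protection.

```python
from typing import Dict, List, Tuple
ACCEPTED_XFO = {"DENY", "SAMEORIGIN"}

# Constructed sample responses (not real captures; <hostname> is a placeholder):
# the root URL redirects without X-Frame-Options, the login page sets SAMEORIGIN.
ROOT_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://<hostname>/CloudAccessManager/RPSTS/Saml2/Default.aspx\r\n"
    b"Content-Length: 0\r\n\r\n"
)
LOGIN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n\r\n"
    b"<html>login form</html>"
)
CHAIN = [
    ("https://<hostname>/", ROOT_RESPONSE),
    ("https://<hostname>/CloudAccessManager/RPSTS/Saml2/Default.aspx", LOGIN_RESPONSE),
]

def parse_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.1 response into its status code and a lower-cased header map."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers

def frame_protected(headers: Dict[str, str]) -> bool:
    """Protected if X-Frame-Options is DENY/SAMEORIGIN or a CSP frame-ancestors directive is present."""
    xfo = headers.get("x-frame-options", "").upper()
    csp = headers.get("content-security-policy", "").lower()
    return xfo in ACCEPTED_XFO or "frame-ancestors" in csp

def unprotected_hops(chain: List[Tuple[str, bytes]]) -> List[str]:
    """URLs in the chain whose response carries neither header.
    Redirect (3xx) hops are included, since scanners report them as well."""
    findings = []
    for url, raw in chain:
        status, headers = parse_response(raw)
        if not frame_protected(headers):
            findings.append(f"{url} ({status})")
    return findings

if __name__ == "__main__":
    print("hops without an anti-framing header:", unprotected_hops(CHAIN))
```

Run against a real capture, the output should list only the root redirect, matching the explanation above.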