Unable to display CEM content Dashboard/Reports in Sharepoint frame
Executing a link, for example:
"...Publisher of this content does not allow it to be displayed in a frame (see attachement)
If allowed, what\where do we change the Jetty Webserver configuration?
Any other suggestions are welcome
you can change the property introscope.enterprisemanager.webserver.jetty.configurationFile in IntroscopeEnterpriseManager.properties to point to a custom jetty config file. Use em-jetty-config.xml in <EM>/config as base for your changes.
Unfortunately I can't tell you what you have to change.
Hi Guenter, Thank you for pointing us in the right direction,
We are pursuing a setting - XFRAME_OPTIONS_DEFAULT=DENY/SAMEORIGIN but still to be confirmed how to apply it in APM Web Server
the setting is probably hidden deep in one of the EM plugins. The easier way might be to route the request through an Apache and remove the header as described in iframe - Overcoming "Display forbidden by X-Frame-Options" - Stack Overflow:
Or you can edit .htaccess if you want to remove X-Frame-Options from an entire directory. Just add the line: Header always unset X-Frame-Options
Header always unset X-Frame-Options
I will follow up on the options mentioned and feedback soon
Once again, thank you
a Change was required in web.xml file located in com.wily.apm.tess_<version>.jar file HOWEVER do not implement this in Production - it will, apparently, expose you to ClickJacking!!
glad to hear you got it working . Unless the SharePoint page is exposed to the public Internet ClickJacking should not be a problem.
Here is a link: Clickjacking Defense Cheat Sheet - OWASP. Did you remove the X-Frame-Options header completely or set it to ALLOW-FROM uri? That only works on IE9+ and FF18+