Skip to Content
Former Member
May 31, 2017 at 03:01 PM

Use of hybris commerce in iFrame


Hi all, we would like to use hybris as default denies being opened in an iFrame to prevent clickjacking by setting X-frame option to “SAMEORIGIN”.

• # setting 'X-Frame-Options=SAMEORIGIN' to prevent clickjacking attacks • # xss.filter.header.X-Frame-Options=SAMEORIGIN

Would it be a general problem if we would remove or deactivate this setting to use hybris in an iFrame within our application?

Thanks in advance for your support. BR Jörg