  • Clickjacking protection


    Friendly User
    • Features: JasperReports Server
    • Version: v7.9, v7.9.0, v7.8, v7.8.1, v7.8.0, v7.5, v7.5.1, v7.5.0
    • Product: JasperReports® Server

    Scenario:

    When a security scanner is run against the JasperServer app, the report indicates that JasperServer is vulnerable to clickjacking. What can be done to avoid this issue?

    Solution:

    By default, clickjacking protection is not enabled, but you can enable it in applicationContext-security-web.xml. Find the bean:

    <bean id="webAppSecurityFilter" class="com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter">
        <!-- remaining content of this bean is unchanged -->
        <property name="antiClickJackingEnabled" value="false"/>
        <property name="antiClickJackingOption" value="SAMEORIGIN"/>
    </bean>

    Set antiClickJackingEnabled to true and restart the server. The possible options are described in the bean comments.
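
To confirm the change after the restart, the check below classifies a response's headers against the configured antiClickJackingOption. It is an added example, not Jaspersoft code, and it assumes the filter emits the option as an X-Frame-Options response header (SAMEORIGIN is a value of that header); check_framing, fetch_headers and the sample header lists are constructed for illustration.

```python
import sys
import urllib.request

# Values current browsers enforce; ALLOW-FROM is obsolete and ignored by them.
ENFORCED = {"DENY", "SAMEORIGIN"}


def check_framing(headers, expected="SAMEORIGIN"):
    """Classify (name, value) header pairs as ("ok" | "warn" | "fail", detail).

    `expected` mirrors the antiClickJackingOption value set on the bean.
    Assumption: the filter emits that value as an X-Frame-Options header.
    """
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            # A repeated header and a comma-joined value form the same list.
            values.update(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return "fail", "X-Frame-Options missing (is antiClickJackingEnabled still false?)"
    if len(values) > 1:
        return "warn", "multiple differing values: " + ", ".join(sorted(values))
    value = values.pop()
    if value.startswith("ALLOW-FROM"):
        return "fail", "ALLOW-FROM is ignored by current browsers"
    if value not in ENFORCED:
        return "fail", "unrecognised value " + value
    if value != expected.upper():
        return "warn", "got %s, configured option is %s" % (value, expected)
    return "ok", "X-Frame-Options: " + value


def fetch_headers(url):
    """Fetch the response headers of a live page, e.g. the login page."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return list(resp.headers.items())


# Constructed sample responses (not captured from a real server).
BEFORE = [("Content-Type", "text/html;charset=UTF-8")]
AFTER = BEFORE + [("X-Frame-Options", "SAMEORIGIN")]
BEHIND_PROXY = AFTER + [("x-frame-options", "DENY")]  # second copy added upstream

if __name__ == "__main__":
    samples = {"before": BEFORE, "after": AFTER, "behind proxy": BEHIND_PROXY}
    if len(sys.argv) > 1:  # optional: check a server you administer
        samples = {sys.argv[1]: fetch_headers(sys.argv[1])}
    for label, hdrs in samples.items():
        print(label, *check_framing(hdrs))
```

Pass the URL of your own server's login page as the first argument to check a live instance instead of the constructed samples.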

