Scenario:
When running a security scanner against the JasperServer app, the report indicates that JasperServer is vulnerable to clickjacking. What can be done to avoid this issue?
Solution:
Clickjacking protection is not enabled by default, but you can enable it in applicationContext-security-web.xml. Find the bean:

    <bean id="webAppSecurityFilter" class="com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter">
        <property name="antiClickJackingEnabled" value="false"/>
        <property name="antiClickJackingOption" value="SAMEORIGIN"/>
        <!-- any other properties of the bean stay as they are -->
    </bean>

Switch antiClickJackingEnabled to true and restart. The possible options are described in the bean comments.
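To confirm the change before restarting, or to check several deployments, the bean can be audited with a short script. This is an added example, not part of the original article or of JasperServer; the function name audit_clickjacking and the sample XML (the article's bean wrapped in a minimal Spring beans root) are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the bean from the article inside a minimal Spring <beans> root.
SAMPLE_DEFAULT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="webAppSecurityFilter"
        class="com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter">
    <property name="antiClickJackingEnabled" value="false"/>
    <property name="antiClickJackingOption" value="SAMEORIGIN"/>
  </bean>
</beans>"""

def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_clickjacking(xml_data, bean_id="webAppSecurityFilter"):
    """Return (ok, message) for the anti-clickjacking settings of the bean."""
    root = ET.fromstring(xml_data)
    for elem in root.iter():
        if _local(elem.tag) == "bean" and elem.get("id") == bean_id:
            # Collect name -> value for the bean's direct <property> children.
            props = {p.get("name"): (p.get("value") or "").strip()
                     for p in elem if _local(p.tag) == "property"}
            break
    else:
        return False, f"bean {bean_id!r} not found"
    enabled = props.get("antiClickJackingEnabled")
    option = props.get("antiClickJackingOption")
    if enabled is None:
        return False, "antiClickJackingEnabled is not set"
    if enabled.lower() != "true":
        return False, f"antiClickJackingEnabled={enabled!r}, protection is off"
    if not option:
        return False, "antiClickJackingOption is empty"
    return True, f"protection enabled with option {option}"

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_DEFAULT
    ok, msg = audit_clickjacking(data)
    print(("PASS: " if ok else "FAIL: ") + msg)
    sys.exit(0 if ok else 1)
```

Run it with the path to applicationContext-security-web.xml as the only argument; it exits non-zero when the protection is off, so it can gate a deployment check.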