01-30-2015 6:30 AM
Hi Experts,
Please help us to prevent cross-iFrame scripting of the SAP login page for security purposes.
Thanks
Sarita
01-30-2015 7:10 AM
Hi
2028904 - Cross-Frame Scripting protection in SAP ABAP HTTP logon application
Regards
Przemek
01-30-2015 7:46 AM
Hi Przemek,
Thank you for your response.
We are using a login page which is in HTML and JavaScript.
Will this work for this type of login page also?
Thanks
Sarita
01-30-2015 8:24 AM
Hi Sarita,
The solution from SAP is implemented in JavaScript. You can see the code in the corresponding correction. Basically, what it does is that it includes JavaScript code that gets executed right after load. It checks if the page is included in an iFrame or not. If yes, then it hides the SAP logon frame.
There is another method provided by browsers based on the HTTP header X-FRAME-OPTIONS. This allows the server to let the browser know if the site should be allowed inside an iframe. This does not seem to be supported by ABAP AS. It would be great if it was possible to enable this for some ICF nodes. Based on some OSS notes it seems like this is enabled by default in CRM, but it will probably be a CRM UI feature.
Cheers
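
Added example, not part of the thread and not the code from the SAP correction: a framing check of the kind described in the last reply, written for a custom HTML/JavaScript logon page. The function names and the `logon-form` element id are assumptions, and it keeps the form hidden by default so that a framing page which blocks scripts cannot leave it visible.

```javascript
// Added example: framing guard for a custom HTML/JavaScript logon page.
// Not the code from the SAP correction; all names here are hypothetical.

// True when the page is rendered inside a frame. Comparing window
// references is permitted across origins, but the try/catch treats any
// unexpected access error as "framed" so the guard fails closed.
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    return true;
  }
}

// The logon container ships hidden (style="display:none" in the markup) and
// is revealed only in a top-level window. A page that hides itself only
// after detecting a frame stays visible when the framing page blocks
// scripts (for example with <iframe sandbox>), so the default is hidden.
function guardLogon(win, doc, containerId) {
  const box = doc.getElementById(containerId);
  if (!box) return false;             // nothing to reveal
  if (isFramed(win)) {
    box.style.display = "none";       // stay hidden inside any frame
    return false;
  }
  box.style.display = "block";        // top-level window: show the form
  return true;
}

// Browser wiring; "logon-form" is an assumed element id.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", function () {
    guardLogon(window, document, "logon-form");
  });
}
```

The script check is a fallback for pages where the server cannot send the X-FRAME-OPTIONS header mentioned above; where the header can be set, the browser enforces the restriction before any page script runs.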