SAP Notes

Whitelist service for Clickjacking Framing Protection in AS ABAP

Leave a Comment on Whitelist service for Clickjacking Framing Protection in AS ABAP

SAP Note 2142551 – Whitelist service for Clickjacking Framing Protection in AS ABAP

SAP Note 2389051 – ICF service for Clickjacking Framing Protection is not active

Version 4 from Mar 26, 2019 in English:

Resolution

  1. Start Transaction SICF.
  2. Go to default_host-> sap -> public-> bc -> uics.
  3. Activate service UICS and WHITELIST (which can be located under node UICS).

Standard protection measures against Clickjacking (X-FRAME-OPTIONS header) are not suitable for common NetWeaver integration scenarios.

Therefore SAP is providing a whitelist based framework for NetWeaver technologies.

This framework and its implementation are described in SAP Note 2319727.

Related Post

SAP Note 2746697 – Active Import Feedback – Additional information

SAP Security Optimization

2488216 – Unable to assign a system alias (/IWFND/MAINT_SERVICE) because the client role (SCC4) is locked

SAP PowerDesigner (PD) 16.6 – Support for PostGreSQL

ABAP Security and Identity Management at SAP Security

note 3385333 – CRM_ORDER_DELETE for S/4

Leave a Comment

Your email address will not be published. Required fields are marked *

Click here to draw a picture to include in your comment.