IBM BPM and Cross Frame Scripting
owenc
IBM BPM does not prevent Cross Frame Scripting out of the box.
The reason is that some IBM BPM users embed BPM as an iframe in their intranet portal.
The solution is to add an X-Frame-Options header, either in the HTTP Server configuration or in IBM BPM.
In IBM BPM:
In BPM 126.96.36.199, an undocumented Deployment Environment level custom property was introduced for setting this header in a ServletFilter in front of all significant web modules:
The recommended approach is to set the header in the IHS configuration.
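Once the header is configured, it is worth checking what the server actually sends. The following is an added example, not part of the original post or IBM's code: it parses a raw response head and classifies the framing protection. The sample responses, the `portal.example` host and the function names are constructed for illustration.

```python
"""Classify the anti-framing protection in a raw HTTP response head."""
VALID_XFO = {"deny", "sameorigin"}

# Constructed sample responses (not captured from a real BPM server).
SAMPLES = {
    "unprotected": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "sameorigin": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                "x-frame-options: SAMEORIGIN\r\n\r\n",
    "allow_from": "HTTP/1.1 200 OK\r\n"
                  "X-Frame-Options: ALLOW-FROM https://portal.example\r\n\r\n",
    "typo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n",
}

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response head."""
    pairs = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_framing(raw):
    """Return (verdict, detail) describing the framing protection."""
    headers = parse_headers(raw)
    # The header may be repeated or comma-joined; collect every token.
    xfo = [tok.strip().lower() for name, value in headers
           if name == "x-frame-options" for tok in value.split(",") if tok.strip()]
    has_ancestors = any(
        d.strip().lower().startswith("frame-ancestors")
        for name, value in headers if name == "content-security-policy"
        for d in value.split(";"))
    if not xfo:
        if has_ancestors:
            return ("ok", "CSP frame-ancestors is set")
        return ("missing", "any origin can frame this response")
    if any(tok.startswith("allow-from") for tok in xfo):
        return ("weak", "ALLOW-FROM is obsolete and ignored by modern browsers")
    if len(set(xfo)) > 1:
        return ("conflict", "different values: " + ", ".join(sorted(set(xfo))))
    if xfo[0] not in VALID_XFO:
        return ("invalid", "unrecognised value: " + xfo[0])
    return ("ok", "X-Frame-Options: " + xfo[0].upper())

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_framing(raw))
```

A `conflict` verdict is the case to look for when the header ends up set in both the HTTP Server and BPM with different values.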