
Prevent login page in iFrame

Former Member
0 Kudos

Hi Experts,

Please help us to prevent the SAP login page in cross iFrame scripting for security purposes.

Thanks
Sarita

3 REPLIES 3

Private_Member_69416
Active Participant
0 Kudos

Hi

2028904 - Cross-Frame Scripting protection in SAP ABAP HTTP logon application

Regards

Przemek

0 Kudos

Hi Przemek,

Thank you for your response.

We are using a login page which is in HTML and JavaScript.

Will this work for this type of login page also?

Thanks

Sarita

0 Kudos

Hi Sarita,

The solution from SAP is implemented in JavaScript. You can see the code in the corresponding correction. Basically, it includes JavaScript code that gets executed right after load. It checks whether the page is included in an iFrame or not. If yes, then it hides the SAP logon frame.

There is another method provided by browsers, based on the HTTP header X-FRAME-OPTIONS. This allows the server to let the browser know whether the site should be allowed inside an iframe. This does not seem to be supported by ABAP AS. It would be great if it was possible to enable this for some ICF nodes. Based on some OSS notes it seems like this is enabled by default in CRM, but it will probably be a CRM UI feature.

Cheers
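
The script-based check described in the reply above, sketched as an added example for a custom HTML/JavaScript login page. It is not part of the thread and is not the code from SAP Note 2028904; the function names, the `logon` element id and the stand-in window objects are assumptions made for illustration.

```javascript
// Added illustration; not SAP's correction code. All names are hypothetical.

// True when the page is not the top-level browsing context.
// Fails closed: if the comparison itself throws, treat the page as framed.
function isFramed(win) {
  try {
    return win.self !== win.top;
  } catch (e) {
    return true;
  }
}

// Keep the logon form hidden when framed; reveal it only at top level.
// The form should ship with style="display:none" so it also stays hidden
// when the framing page blocks scripts (for example a sandboxed iframe).
function protectLogonPage(win, doc) {
  const form = doc.getElementById("logon");
  if (!form) return "no-form";
  if (isFramed(win)) {
    form.style.display = "none";
    return "hidden";
  }
  form.style.display = "block";
  return "shown";
}

// Constructed stand-ins for window/document so the logic runs outside a browser.
function fakeDocument() {
  const form = { style: { display: "none" } };
  return { form, getElementById: (id) => (id === "logon" ? form : null) };
}
function fakeTopWindow() {
  const w = {};
  w.self = w;
  w.top = w; // top-level page: self and top are the same object
  return w;
}
function fakeFramedWindow() {
  const w = { top: {} }; // framed page: top is a different window
  w.self = w;
  return w;
}
function fakeThrowingWindow() {
  return { self: {}, get top() { throw new Error("blocked"); } };
}

// In a browser, call protectLogonPage(window, document) from an inline
// script placed directly after the form markup.
```

A check like this depends on the script actually running in the framed page, whereas the X-FRAME-OPTIONS response header mentioned above is enforced by the browser itself.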