Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Praveen b (PraveenK5650) Praveen b
Accenture
US
PraveenK5650 Member since 2015 13 posts
Posted: May 10, 2017
Last activity: May 23, 2017
Posted: 10 May 2017 15:57 EDT
Last activity: 23 May 2017 14:27 EDT
Closed
Solved

Preventing Pega Applications from clickjacking attack

Hi,

I need help on preventing pega application from clickjacking attack. Please let me know if you have information. Thank you.

Regards,

Praveen.

Security
Posted: 6 years ago
Posted: 11 May 2017 3:38 EDT
Basavaraj Kadakol (BASAVARAJ) PEGA Senior Manager of Technical Support Engineering
Pegasystems Inc.
AU

Hi Praveen,

X-FRAME-OPTIONS header need to be configured to your application server to insert this into every html stream returned to the client.

Regards,

Basavaraj

Accepted Solution

Posted: 6 years ago
Posted: 11 May 2017 4:51 EDT
Bindu Saraf (BinduSaraf) PEGA Principal Cloud Development Engineer, Management Plane Services
Pegasystems Inc.
IN

Hi Praveen,

Can you please let us know what is the PRPC version you are using?

Starting from PRPC 7.2.1 you can find the DSS with setting purpose as Http/ResponseHeaders to add or modify the custom headers where you can add X-FRAME-OPTIONS header in PRPC application and provide the value based on your security needs.

You can refer the following link on how to add the custom headers:

https://collaborate.pega.com/discussion/video-support-guide-how-add-or-modify-custom-response-headers

 
Posted: 6 years ago
Posted: 11 May 2017 7:03 EDT
Santhosh Bagannagari (bagas) Pegasystems Inc. Tech Lead, Security Engineering
Pegasystems Inc.
IN

Starting from Pega 7.2.2 Content security policy rule types can be used to avoid clickjacking ( through "frame-ancestors" directive). Details on CSP can be found here.

https://community.pega.com/sites/default/files/help_v722/procomhelpmain.htm

Thanks.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice