Setting Configure X-Frames Options does not create the correct header

Todd Shelton · 2016-10-20 16:15:57

In Adobe Connect (cloud) setting Configure X-Frames Options to SAMEORIGIN does not create the correct HTTP header, which should be X-Frame-Options: SAMEHEADER.

In fact, it appears to have no effect at all.

We need this to work because without this header, our landing pages fail vulnerability testing at one of our customers ( a large software company).

Setting this option restricts IFrames, and SAMEORIGIN restricts them to the same domain.

This is a pretty common security vulnerability, and Connect looks like it has provision for it. Has anyone else run across this and successfully configured it?

Thanks!
Todd

#1 2016-10-20 16:15:57

Setting Configure X-Frames Options does not create the correct header

Board footer