A fix is available
APAR status
Closed as program error.
Error description
Worklight/MFP Foundation does not provide a frame-breaking technique. Since this is relevant for the resource downloading requests which are not protected by the application security, it's also impossible to implement it as a custom realm.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * MobileFirst Platform users, who have web applications. * **************************************************************** * PROBLEM DESCRIPTION: * * MobileFirst Studio provides mechanisms by which you can * * control the value of the X-Frame-Options HTTP header for * * Desktop Browser and Mobile Web environments. * * * * X-Frame-Options * * * * The X-Frame-Options HTTP response header is used to * * determine whether or not a browser is allowed to render a * * page in a <frame>, <iframe> or <object> element. Web * * applications can use this header to avoid clickjacking * * attacks, by ensuring that their content is not embedded into * * other sites. Setting the X-Frame-Options parameter in the * * environment's application-descriptor.xml will add the * * X-Frame-Options header with the selected value to every init * * response. * * * * There are three possible values for MobileFirst Platform * * X-Frame-Options : * * no-use: * * This is the default value. The header X-Frame-Options is * * not included in the server init HTTP response. The page can * * be displayed in a frame from any location. * * * * DENY: * * The page cannot be displayed in another element, * * regardless of the site attempting to do so. * * * * SAMEORIGIN: * * The page can only be displayed in another element on the * * same origin as the page itself. * **************************************************************** * RECOMMENDATION: * * - * ****************************************************************
Problem conclusion
The X-Frame-Options have been added.
Temporary fix
Comments
APAR Information
APAR number
PI50569
Reported component name
MFPF/WORKLIGHT
Reported component ID
5725I4301
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-10-14
Closed date
2015-11-18
Last modified date
2015-11-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MFPF/WORKLIGHT
Fixed component ID
5725I4301
Applicable component levels
R610 PSY
UP
R620 PSN
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSZH4A","label":"IBM Worklight"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 October 2021