Changing the content framing options in the Remote services application on Apache Tomcat

By default, the Remote services application in Rational® Publishing Engine is configured to prevent framing of content to avoid clickjacking. Clickjacking is the framing of a web page with controls that the user cannot see. When those controls are clicked, the user is directed to some other web page. If your organization needs to frame content for other purposes, you can change the setting so that content can be framed by your own site, but not by an outside source.

Procedure

  1. On your application server, open the CATALINA_HOME\webapps\rpews\WEB-INF\web.xml file with a text editor.
  2. Locate the xFrameOptionsMode parameter.
  3. For param-value, enter one of the following values:
    • DENY: Content cannot be framed by any site.
    • SAMEORIGIN: Content can be framed by the current site.
    If a value is not entered, DENY is used. If a value other than DENY or SAMEORIGIN is entered, the value is ignored and DENY is used.
  4. Save the changes to the web.xml file.
  5. Restart the Remote services application.

Example

<param-name>xFrameOptionsMode</param-name>
<param-value>SAMEORIGIN</param-value>
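
To confirm which mode takes effect before restarting, the fallback rule in step 3 can be applied to the contents of web.xml. The following Python check is an added example, not part of the product or its documentation; the sample web.xml, its enclosing element, and the exact (case-sensitive) comparison are assumptions.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"DENY", "SAMEORIGIN"}   # the two values step 3 accepts
DEFAULT = "DENY"                   # used when the value is missing or not accepted

# Constructed sample; the enclosing <context-param> element is an assumption.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <context-param>
    <param-name>xFrameOptionsMode</param-name>
    <param-value>{value}</param-value>
  </context-param>
</web-app>"""

def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}param-name'."""
    return tag.rsplit("}", 1)[-1]

def configured_value(web_xml_text, name="xFrameOptionsMode"):
    """Return the raw param-value stored next to `name`, or None if absent."""
    root = ET.fromstring(web_xml_text)
    for parent in root.iter():
        children = {_local(c.tag): (c.text or "") for c in parent}
        if children.get("param-name", "").strip() == name:
            return children.get("param-value")
    return None

def audit(web_xml_text):
    """Return (effective mode, note) following the fallback rule in step 3."""
    value = (configured_value(web_xml_text) or "").strip()
    if value in ALLOWED:
        return value, "ok"
    if not value:
        return DEFAULT, "no value entered; DENY is used"
    # Assumption: comparison is exact, so e.g. 'sameorigin' is reported as ignored.
    return DEFAULT, f"value {value!r} is ignored; DENY is used"

if __name__ == "__main__":
    for v in ("SAMEORIGIN", "", "ALLOW-FROM https://example.com"):
        print(repr(v), "->", audit(SAMPLE.format(value=v)))
```

To check a real deployment, pass the text of the web.xml file from step 1 to `audit` instead of the constructed sample.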
