Changing the content framing options in the Remote services application

By default, the Remote services application in Rational® Publishing Engine is configured to prevent framing of content to avoid clickjacking. Clickjacking is the framing of a web page with controls that the user cannot see. When those controls are clicked, the user is directed to some other web page. If you organization changes the framing of content for other purposes, you can change the setting so that framing can be implemented by you, but not from an outside source.

Procedure

  1. Open the administrative console in a browser. Example: http://server:port/ibm/console/logon.jsp
  2. Click Application Types > WebSphere enterprise applications.
  3. Click the rpews.war application.
  4. Click Initialize parameters for servlets.
  5. Click the xFrameOptionsMode parameter.
  6. Enter one of the following values:
    • DENY: Content cannot be framed by any site.
    • SAMEORIGIN: Content can be framed by the current site.
    If a value is not entered, DENY is used. If a value other than DENY or SAMEORIGIN is entered, the value is ignored and DENY is used.
  7. Click OK to save the changes.
  8. Restart the Remote services application.

Feedback