Aurora Corporate 8 documentation

Preventing clickjacking attacks with X-Frame-Options header

It's possible to disallow embedding Aurora Corporate 8 interface into IFrame, which can be helpful towards preventing clickjacking attacks. This is done by forcing specific value of X-Frame-Options HTTP header, you can read more about it at this Wikipedia page.

If you wish to disallow embedding Aurora Corporate 8 interface into IFrame, set XFrameOptions parameter to "SAMEORIGIN" in data/settings/config.json file:

    "XFrameOptions": [
        "SAMEORIGIN",
        "string"
    ]

Note that even with this setting applied, you will still be able to use the embedding yourself, as long as Aurora Corporate 8 and the page containing IFrame are within the same domain.