Aurora Corporate documentation

Preventing clickjacking attacks with X-Frame-Options header

You can prevent the Aurora Corporate interface from being embedded in an iframe, which helps protect against clickjacking attacks. This is done by sending a specific value in the X-Frame-Options HTTP response header; you can read more about the header on its Wikipedia page.

To disallow embedding the Aurora Corporate interface in an iframe, set the XFrameOptions parameter to "SAMEORIGIN" in the data/settings/config.json file:

    "XFrameOptions": [
        "SAMEORIGIN",
        "string"
    ]

Note that even with this setting applied, you can still embed Aurora Corporate yourself, as long as Aurora Corporate and the page containing the iframe are within the same domain.
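To confirm the setting took effect, compare what config.json requests with what the server actually sends. The following is an added example, not part of Aurora Corporate: the function names and sample data are constructed for illustration, and it assumes the XFrameOptions key may sit at any nesting level of config.json.

```python
import json

VALID = {"DENY", "SAMEORIGIN"}  # values current browsers act on

def configured_value(config_text):
    """Return the XFrameOptions value from config.json text, or None if unset."""
    def find(node):
        if isinstance(node, dict):
            if "XFrameOptions" in node:
                return node["XFrameOptions"]
            for child in node.values():
                found = find(child)
                if found is not None:
                    return found
        return None
    entry = find(json.loads(config_text))
    if isinstance(entry, list) and entry:  # the page shows a [value, type] pair
        entry = entry[0]
    return entry.strip().upper() if isinstance(entry, str) and entry.strip() else None

def header_values(raw_response_head):
    """Collect every X-Frame-Options value from a raw HTTP response head."""
    values = []
    for line in raw_response_head.splitlines()[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values

def check(config_text, raw_response_head):
    """Compare the configured value with the header the server sends."""
    expected = configured_value(config_text)
    sent = header_values(raw_response_head)
    if expected not in VALID:
        return "config: XFrameOptions is not DENY or SAMEORIGIN"
    if not sent:
        return "missing: response has no X-Frame-Options header"
    if len(set(sent)) > 1 or sent[0] not in VALID:
        return "invalid: header value(s) %s" % sent
    return "ok" if sent[0] == expected else "mismatch: sent %s, expected %s" % (sent[0], expected)

# Constructed sample data (not captured from a real installation).
SAMPLE_CONFIG = '{"XFrameOptions": ["SAMEORIGIN", "string"]}'
SAMPLE_OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
```

In practice, pass the contents of data/settings/config.json and the response head of your own installation (for example, the output of `curl -s -D - -o /dev/null` against its URL) to `check`.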