Are ColdFusion's clickjacking filter options (Clickjacking issue - adding multiple url patterns in a single filter mapping) needed if using Internet Information Services' (IIS) HTTP Response Header option setting X-Frame-Options? Is ColdFusion (Java) interpretation of page IFRAME content occurring independently of IIS web server's interpretation?
Clickjacking is a client side event so "ColdFusion (Java) interpretation of page IFRAME content occurring independently of IIS web server's interpretation" would not be a issue -- assuming any of this is going on, which I cannot fathom how it would be. You can set the X-Frame-Options header value in either IIS or your CF application using CFHeader. If both IIS and CF sets the value, I'm fairly certain the client will receive two header entries and while ugly, as long as they don't conflict with each other I think you're fine. Does that answer your question?
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
AdChoices