Show TOC

Using Frameworks Which Support Clickjacking Framing ProtectionLocate this document in the navigation structure

Applications which run on SAP NetWeaver Application Server for ABAP and are built in following frameworks do not need to adapt anything. Clickjacking framing protection is enabled by the framework automatically.

Context

SAP NetWeaver Application Server for ABAP supports clickjacking framing protection for the following frameworks:

  • Web Dynpro ABAP

  • Business Server Pages

    Business Server Pages are only protected automatically if they contain a <head></head> section in the HTML. Otherwise they need to be adapted manually (by adding the <head> section or by adapting the solution manually.

  • NetWeaver Business Client (HTML Client)

  • Transactions running on Internet Transaction Server (in SAP GUI for HTML)

Procedure

The administrator needs to enable the relevent ICF nodes and maintain the whitelist for clickjacking framing protection, where your applications are deployed.

In addition, depending on the framework, there may be additional steps an administrator needs to take.

For more information, see the security guide for the framework.

Related Information