Oracle ADF Framebusting in Web Application

Oracle ADF provides the oracle.adf.view.rich.security.FRAME_BUSTING context parameter to control framebusting in a web application.

Clickjacking is when a malicious site loads the content of a page from another domain into a frame, exposes its hyperlinks or buttons (partial content of the original page), and gets actions performed through them. Framebusting helps the web application prevent clickjacking.

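If you want to consume your ADF application in a frame, set the following configuration in the web.xml of the web application. The value never turns framebusting off, so ADF no longer stops other sites from framing the application.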

<context-param>
    <param-name>oracle.adf.view.rich.security.FRAME_BUSTING</param-name>
    <param-value>never</param-value>
</context-param>

The Apache server might also require the X-Frame-Options: sameorigin header to be commented out. The Apache server currently returns the following response headers:

HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
X-Powered-By: JSF/1.2
X-Frame-Options: sameorigin
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
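
To confirm which framing policy the server really sends after these settings are changed, the response headers can be classified. The Python code below is an added example, not part of the original post: the function names are hypothetical, the sample response is constructed from the headers shown above, and the Content-Security-Policy frame-ancestors check goes beyond the X-Frame-Options header the post discusses.

```python
# Added example: classify the framing policy in a raw HTTP response header block.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
X-Powered-By: JSF/1.2
X-Frame-Options: sameorigin
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
"""

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw response, skipping the status line."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(headers):
    """Return the CSP frame-ancestors source list, or None when the directive is absent."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_policy(raw):
    """Classify a response as 'deny', 'sameorigin', 'restricted' or 'unrestricted'."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:  # frame-ancestors takes precedence over X-Frame-Options
        if sources in ([], ["'none'"]):
            return "deny"
        if sources == ["'self'"]:
            return "sameorigin"
        return "unrestricted" if "*" in sources else "restricted"
    xfo = {v.lower() for v in headers.get("x-frame-options", [])}
    for value in ("deny", "sameorigin"):
        if value in xfo:
            return value
    return "unrestricted"  # no header restricts framing
```

A result of "unrestricted" together with FRAME_BUSTING set to never means nothing in the response stops a third-party site from framing the application; a frame-ancestors directive listing only the intended parent origin gives the "restricted" result instead.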