Jake_N
Mentor
7 years ago

Stop Click-jacking Security

Hey Everyone,

I am posting this before I raise a support ticket, wondering if I am able to stop other domains from loading my community's content/page in an iframe.

I have had a look around and can find reference to ActiveCast widgets and disabling/enabling CSP (Content Security Policy).

I know that I need to enable/add either or both of the below:

  • Content-Security-Policy: frame-ancestors 'none';
  • X-Frame-Options

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Any help would be appreciated or just let me know if I should raise a ticket.

  • KrisS
    Khoros Alumni (Retired)

    Hi Jake_N,

    Yes, if you reach out to support we can enable it. I've actually gone ahead and enabled it for your community live.

    • GlennD
      Maven

      Hi KrisS

      Is this a site-wide setting or can it be enabled for specific pages/elements?

      Thanks

      Glenn

      • KrisS
        Khoros Alumni (Retired)

        GlennD, it covers the entire community. If the concern is external pages, we do have the option to whitelist FQDNs.

  • Interesting topic. I can't really help you out with any information, but I would definitely be interested in the answer from support if you open a case =). Please re-post if you get one!
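
Once the setting is enabled, the result can be confirmed from the response headers. The Python below is an added example, not part of the thread and not Khoros code: it classifies the framing protection given by the two headers named in the original post, including the FQDN allowlist case from the reply. The sample headers and `partner.example` are constructed placeholders.

```python
# Verdicts ordered from most to least restrictive.
RANK = {"deny-all": 0, "same-origin": 1, "allowlist": 2, "allow-any": 3}

def classify_sources(sources):
    """Map one frame-ancestors source list to a verdict."""
    if not sources or sources == ["'none'"]:
        return "deny-all"          # empty list and 'none' both match no ancestor
    if any(s in ("*", "http:", "https:") for s in sources):
        return "allow-any"         # wildcard or scheme-only source: any site may frame
    if sources == ["'self'"]:
        return "same-origin"
    return "allowlist"             # explicit hosts, e.g. allowlisted FQDNs

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_policy(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    verdicts, xfo = [], set()
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":   # the Report-Only variant is not enforced
            for policy in value.split(","):      # a comma separates multiple policies
                sources = frame_ancestors(policy)
                if sources is not None:
                    verdicts.append(classify_sources(sources))
        elif name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(","))
    if verdicts:                                 # frame-ancestors takes precedence over XFO
        return min(verdicts, key=RANK.get)       # every policy must allow: report strictest
    if "DENY" in xfo:
        return "deny-all"
    if "SAMEORIGIN" in xfo:
        return "same-origin"
    return "unprotected"                         # no usable header, incl. obsolete ALLOW-FROM

if __name__ == "__main__":
    # Constructed response headers for a community page.
    sample = [("Content-Security-Policy", "frame-ancestors 'self' https://partner.example"),
              ("X-Frame-Options", "DENY")]
    print(framing_policy(sample))
```

Run it against the headers of both the community home page and a deep page: the reply states the setting covers the entire community, so both should return the same verdict.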