Clickjacking prevention
Read this section to learn more about clickjacking prevention and how to configure it through the LN UI Administration Webapp.
Limitations
You cannot enable clickjacking prevention if the same LN UI installation is used both in stand-alone mode and inside Infor Ming.le. This is due to a technical restriction at the HTTP protocol level: only one expected HTML parent frame can be specified.
Clickjacking prevention does not work if the Safari browser is used. The Safari browser does not provide the required support.
Overview
Clickjacking is an attack that tries to hijack the user's mouse click action. If the attack is successful, the click action is used for a different, often malicious, purpose than intended. Clickjacking is achieved by overlaying the desired LN UI web content with invisible HTML frame content that is controlled by the attacker.
For details, see https://www.owasp.org/index.php/Clickjacking.
LN UI's clickjacking prevention ensures that the browser is aware of the expected HTML parent frame through which all normal LN UI access should occur. This way, if an attacker embeds LN UI in a malicious website, the browser denies access to LN UI and prevents the attack.
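As an added illustration (not Infor's code), the following Node.js example models how a browser decides whether a page may be rendered inside a given parent frame, using the two standard response headers for this purpose: X-Frame-Options and the Content-Security-Policy frame-ancestors directive. The page does not say which header LN UI sends; the function name `framingDecision`, its `supportsAllowFrom` parameter and all origins are constructed for this example.

```javascript
// Added example: models a browser's framing decision from response headers.
// Assumption: standard headers; the page does not name the header LN UI sends.
function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

// headers: response headers object; selfOrigin: origin serving the page;
// parentOrigin: origin of the embedding page. Returns { allowed, reason }.
function framingDecision(headers, selfOrigin, parentOrigin, supportsAllowFrom = true) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // frame-ancestors overrides X-Frame-Options when both are present.
  // Only 'none', 'self', * and exact origins are handled (no host wildcards).
  const fa = (h["content-security-policy"] || "").split(";")
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (fa) {
    const ok = fa.slice(1).some(s => s === "*" ||
      (s === "'self'" && parentOrigin === selfOrigin) || originOf(s) === parentOrigin);
    return { allowed: ok, reason: fa.join(" ") };
  }

  const xfo = h["x-frame-options"];
  if (!xfo) return { allowed: true, reason: "no framing restriction sent" };
  const [mode, uri] = xfo.split(/\s+/);
  switch (mode.toUpperCase()) {
    case "DENY":
      return { allowed: false, reason: "DENY" };
    case "SAMEORIGIN":
      return { allowed: parentOrigin === selfOrigin, reason: "SAMEORIGIN" };
    case "ALLOW-FROM": // takes exactly one URI
      if (!supportsAllowFrom) return { allowed: true, reason: "ALLOW-FROM ignored" };
      return { allowed: originOf(uri) === parentOrigin, reason: xfo };
    default:
      return { allowed: true, reason: "unrecognized value ignored" };
  }
}

// Constructed sample: one LN UI origin, its expected portal, and a foreign site.
const SELF = "https://lnui.example.com";
const PORTAL = "https://portal.example.com";
const OTHER = "https://other.example.net";
const sample = { "X-Frame-Options": "ALLOW-FROM " + PORTAL };
for (const parent of [PORTAL, OTHER]) {
  console.log(parent, framingDecision(sample, SELF, parent));
}
```

To check a deployment, pass the headers from a real response (for example, copied from the browser's network panel) together with the origin of the page that is expected to embed LN UI.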