In order to invoke ADF application from OAF rich container frame inside EBS, set "org.apache.myfaces.trinidad.security.FRAME_BUSTING" to "never".
<context-param>
<description>Security precaution to prevent clickjacking: bust frames
if the ancestor window domain(protocol, host, and port) and the frame
domain are different. Another options for this parameter are always and never.
</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>never</param-value>
</context-param>
Some Apache Trinidad configuration options are set instead with <context-param> elements in your WEB-INF/web.xmlfile.
org.apache.myfaces.trinidad.security.FRAME_BUSTING
The parameter "org.apache.myfaces.trinidad.security.FRAME_BUSTING" controls the framebusting feature. Framebusting stops content from running inside frames (meaning a frame or iframe tag).This context parameter is ignored when org.apache.myfaces.trinidad.util.ExternalContextUtils.isPortlet is true, and will behave as if the context parameter is set to 'never'.
Possible values are:
differentOrigin - only bust frames if the an ancestor window origin and the frame origin are
different. If the ancestor windows and frame have the same origin then allow the content to run in a frame. This is the default.
always - always bust frames, meaning don't allow a page to be embedded in frames
never - never bust frames, meaning always allow a page to be embedded in frames
<context-param>
<description>Security precaution to prevent clickjacking: bust frames
if the ancestor window domain(protocol, host, and port) and the frame
domain are different. Another options for this parameter are always and never.
</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>never</param-value>
</context-param>
Some Apache Trinidad configuration options are set instead with <context-param> elements in your WEB-INF/web.xmlfile.
org.apache.myfaces.trinidad.security.FRAME_BUSTING
The parameter "org.apache.myfaces.trinidad.security.FRAME_BUSTING" controls the framebusting feature. Framebusting stops content from running inside frames (meaning a frame or iframe tag).This context parameter is ignored when org.apache.myfaces.trinidad.util.ExternalContextUtils.isPortlet is true, and will behave as if the context parameter is set to 'never'.
Possible values are:
differentOrigin - only bust frames if the an ancestor window origin and the frame origin are
different. If the ancestor windows and frame have the same origin then allow the content to run in a frame. This is the default.
always - always bust frames, meaning don't allow a page to be embedded in frames
never - never bust frames, meaning always allow a page to be embedded in frames
googd
ReplyDeletethnks
ReplyDelete