This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Community will be in read-only from July 16 - July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to prevent clickjacking on Apigee edge?

Posted on 05-31-2018 07:04 PM
Not applicable
Reply posted on --/--/---- --:-- AM

I have created an action message as below and attached it to Target Endpoint's preFlow but I am still able to add our api proxy url calls into an iframe. May I know what is the right way to do this? Thanks in advance. I am totally new to Apigee.

<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
  <DisplayName>Add CORS</DisplayName>
  <FaultRules/>
  <Properties/>
  <Add>
    <Headers>
      <Header name="X-Frame-Options">SAMEORIGIN</Header>
    </Headers>
  </Add>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="https" type="response"/>
</AssignMessage>
2 5 553
Topic Labels
5 REPLIES 5
Top Solution Authors
View all