CMSB v3.58 Beta 1 (Feb 13, 2023)

4 posts by 2 authors in: Forums > CMS Builder
Last Post: March 27, 2023   (RSS)

By Codee - March 25, 2023

Hi Dave,

Dave wrote: "

  • Security: Added .htaccess code to prevent it from being loaded in a frame (to prevent clickjacking)

To prevent "what" from being loaded in a frame? My concern is on many sites I utilize Google's code for embedding Youtube videos...which is a frameset...and I'd prefer not to break those if possible.

Thanks

By Dave - March 27, 2023

Hi Codee, 

It prevents the CMS from being loaded in a frame on another domain.  It shouldn't prevent you from loading content from other domains in frame.

But if you ever need to disable it just #comment out these lines in /cmsb/.htaccess

# Prevent clickjacking attacks - comment this out if you need to display the cms in a frame
<IfModule mod_headers.c>
  Header set X-Frame-Options "SAMEORIGIN"
  Header set Content-Security-Policy "frame-ancestors 'self'"
</IfModule>

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com

By Codee - March 27, 2023

Mr. Dave,

Thank you. That was my first impression but wanted to be clear. Have a great week!