Enabling X-Frame Filtering

You can enable the X-Frame filter to prevent clickjacking, an attack in which a malicious page layers transparent or opaque frames over its own content so that users click a button or link on the framed page instead of the element they intended to click. The hijacked click can be directed anywhere.

Note: If you add other filters to the web.xml file, insert them AFTER the security filters so that they cannot override the security filters.

  1. Open the web.xml file used by the Tomcat server for editing.
  2. Add these lines:

        <!-- X-Frame Filtering (Clickjacking) filter -->
        <filter>
            <filter-name>ClickjackFilterSameOrigin</filter-name>
            <filter-class>com.matrixone.apps.domain.util.ClickjackFilter</filter-class>
            <init-param>
                <param-name>mode</param-name>
                <param-value>SAMEORIGIN</param-value>
            </init-param>
        </filter>

  3. Save the web.xml file.
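To show what a filter configured this way actually does, here is an added, hypothetical stand-in for a clickjacking filter (example code written for this page, not the vendor's com.matrixone.apps.domain.util.ClickjackFilter). It reads the same "mode" init-param from web.xml, rejects anything other than SAMEORIGIN or DENY at startup, and adds the X-Frame-Options header to every response it sees; the class name XFrameOptionsFilter is an assumption.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical stand-in for the vendor's ClickjackFilter: reads the "mode"
// init-param declared in web.xml and emits the matching X-Frame-Options header.
public class XFrameOptionsFilter implements Filter {
    private String mode = "DENY";  // safest default if the init-param is absent

    @Override
    public void init(FilterConfig config) throws ServletException {
        String param = config.getInitParameter("mode");
        if (param != null) {
            String m = param.trim().toUpperCase();
            // Only the two values browsers honour are accepted; anything else
            // is a misconfiguration and should stop deployment rather than
            // silently ship a response with no frame protection.
            if (!m.equals("DENY") && !m.equals("SAMEORIGIN")) {
                throw new ServletException("Unsupported X-Frame-Options mode: " + param);
            }
            mode = m;
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set the header before handing off, so it is already present if a
            // downstream servlet commits the response early.
            ((HttpServletResponse) res).setHeader("X-Frame-Options", mode);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

A filter only runs once web.xml also contains a <filter-mapping> binding its filter-name to a url-pattern such as /*; the servlet container chains filters in the order of their <filter-mapping> elements, which is why the note above places the security filters first.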