Last Modified: Oct 01, 2018
See more info
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
12.0.0, 11.6.0 HF5, 11.5.3 HF2
Opened: Mar 16, 2015
The REST API for URLs was missing a field for Clickjacking Protection configuration. When trying to configure that 'Rendering in Frames' should only be allowed from a single URL, there is no field to specify that URL.
A REST API client is unable to correctly configure protection that is meant to be allowed only from a specified URL.
REST API is being used to configure Clickjacking Protection for URLs.
Configure via the GUI instead of REST.
This release adds the missing field for REST to specify the 'only-from' clickjacking URL: 'allowRenderingInFramesOnlyFrom'.