We are trying to display a web page in CA PPM 15.5 Blueprint Channel Modules but getting security error

Document ID : KB000117039

Last Modified Date : 05/10/2018

Issue:

We are trying to display a web page in CA PPM Blueprint Channel Modules but getting "Load denied by X-Frame-Options" security error.
Load denied by X-Frame-Options: https://<website.xyz.com> does not permit cross-origin framing.
Header Details:
Request URL: https://<website.xyz.com>
Request method: Get
X-Frame-Option: SAME ORIGIN

Environment:

CA PPM 15.5

Resolution:

This happens due to the external applications security policy and CA PPM can not overwrite security policy of another application. Applications have built in security and can't control that. CA PPM can do certain things to get the content to display. For example, if you want to display external applications within PPM, PPM will trust that application and it will display provided that HTTP and HTTPS matches. So if you have HTTPS PPM server and trying to render HTTP site which is not secured that's a security violation which will prevent it from displaying. We can also tell PPM to whitelist certain domains and we do that automatically soon as user populates URL value (may have to refresh or navigate away to read the updated whitelist domains).

Edit CA PPM 15.5 Blueprint Modules

Additional Information:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

Was this information helpful?