Hello Tririgans -
Currently we are in the process of configuring the Reservation module for one of our customers. As part of this we are enabling the Advanced Room Search add-in, which came out as part of 3.6.1/10.6.1. Now we are facing problems loading this plugin in web Outlook if X-Frame-Options is set to 'SAMEORIGIN' on the destination TRIRIGA. Below is the error from the browser console:
Refused to display 'https://aetnasandbox.oncfi.com/p/web/outlook/roomSearch?et=' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
This is a standard setting to mitigate XSS/CSS vulnerability which IBM also recommends (Ref: https://www.ibm.com/support/knowledgecenter/SSHEB3_3.6.1/com.ibm.tap.doc/pdfs_wiki/Security_Scan_Checklist.pdf).
We do not want to remove this 'SAMEORIGIN' option totally, but we want to make this plugin work. Currently we are trying out the Access-Control-Allow-Origin setting, but that has its own limitations. Hence checking whether any of you have encountered this issue or have any guidance/suggestions.
Appreciate your time & response.
------------------------------
Edwin David
------------------------------
#TRIRIGA#AssetandFacilitiesManagement
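
An added example, not part of the original post: a simplified JavaScript model of how a browser decides whether a response may be rendered in a frame, covering the two headers named above plus the CSP `frame-ancestors` directive, which goes beyond the post. The origins are constructed placeholders, and source matching is reduced to `'self'`, `'none'` and exact origins.

```javascript
// Constructed placeholder origins (assumptions, not values from the post).
const APP = 'https://tririga.example';   // application that serves the framed page
const HOST = 'https://webmail.example';  // page that embeds it in an iframe

// headers: response headers with lower-case names.
// selfOrigin: origin of the framed response.
// ancestors: origins of every embedding frame, innermost first.
function framingAllowed(headers, selfOrigin, ancestors) {
  const csp = headers['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');

  if (directive) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    const sources = directive.slice(1);
    if (sources.includes("'none'")) return false;
    return ancestors.every(a =>
      sources.some(s => (s === "'self'" ? a === selfOrigin : s === a)));
  }

  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return false;
  if (xfo === 'sameorigin') return ancestors.every(a => a === selfOrigin);

  // Access-Control-Allow-Origin is never consulted here: CORS governs
  // cross-origin reads by script, not whether a document may be framed.
  return true;
}

// The situation in the console error: SAMEORIGIN with a cross-origin embedder.
const blocked = framingAllowed({ 'x-frame-options': 'sameorigin' }, APP, [HOST]);

// Adding a CORS header changes nothing for framing.
const withCors = framingAllowed(
  { 'x-frame-options': 'sameorigin', 'access-control-allow-origin': HOST },
  APP, [HOST]);

// An explicit allow-list admits the one embedder and still refuses others.
const allowList = {
  'x-frame-options': 'sameorigin',
  'content-security-policy': `frame-ancestors 'self' ${HOST}`,
};
const listed = framingAllowed(allowList, APP, [HOST]);
const unlisted = framingAllowed(allowList, APP, ['https://other.example']);
```
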