
Neptune with internal MDM catalogue

We have built a Neptune app to create purchase requisitions. One of the options we have provided is to create requisitions by using punchout catalogues (exactly what SRM does) in the ERP system by enabling a business function to do so.


In the Neptune app I am using an iframe to show the external punchout catalog and it works fine. Customer's requirement is to make it work with internal SAP MDM catalogues (Java based web dynpro app). This works fine in the back end but when trying to display it in the iframe using Neptune I get the following error message:

[image: the error message]


This looks like a "Clickjacking" prevention and doesn't allow me to show the catalogue in an iframe. I have seen a couple of OSS notes about whitelisting or switching the security option off, but unfortunately they are on an old MDM 5.0 version (Java based) and that option cannot be found.


Do you have any recommendations on how to get around this?



Hi Radek


You need to allow the WebDynpro App to run in the Domain, if it is a different one. 


Check out this topic, at the end.


https://help.sap.com/saphelp_nw75/helpdata/en/4c/4e97549f1f35c3e10000000a42189e/content.htm


X-Frame-Options HTTP Header field

Also still available is the X-Frame-Options HTTP header field. This feature was introduced by Microsoft Internet Explorer 8+ and has been adopted by other browser vendors. Depending on the attribute value, the browser evaluates which hosting frames are allowed to include a certain page in a frame.


Supported values:


  • DENY (no embedding allowed)
  • SAMEORIGIN (only embedding frames from the same origin allowed)
  • ALLOW-FROM domain.com (only embedding frames from specifically declared hosts allowed)


For more information, see SAP Note 1781171.



Regards

Ole Andre 


1 person likes this
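The three header values quoted in the answer above, applied to the setup in the question, as an added example that is not part of the original posts or of SAP's or Neptune's code. The host names and the `checkFraming` helper are constructed for illustration; ALLOW-FROM is evaluated the way the quoted text describes, and current browsers no longer honour that value, which the result flags as `legacy`.

```javascript
// Added example: models the X-Frame-Options decision for one parent/child pair.
// Hosts are constructed placeholders, not values from the thread.
const NEPTUNE_APP = "https://neptune.example.com/app";        // embedding page
const MDM_CATALOG = "https://mdm.example.com:50000/catalog";  // framed page

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

function checkFraming(xfoValue, framedUrl, parentUrl) {
  const framed = originOf(framedUrl);
  const parent = originOf(parentUrl);
  if (!framed || !parent) throw new TypeError("both URLs must be absolute");

  const value = (xfoValue ?? "").trim();
  if (value === "") return { allowed: true, reason: "no X-Frame-Options header" };

  const [directive, declared] = value.split(/\s+/);
  switch (directive.toUpperCase()) {
    case "DENY":
      return { allowed: false, reason: "DENY: no embedding allowed" };
    case "SAMEORIGIN":
      return framed === parent
        ? { allowed: true, reason: "SAMEORIGIN: origins match" }
        : { allowed: false, reason: `SAMEORIGIN: ${parent} differs from ${framed}` };
    case "ALLOW-FROM": {
      // Legacy semantics as quoted in the thread; current browsers ignore this value.
      const ok = originOf(declared ?? "") === parent;
      return { allowed: ok, legacy: true,
               reason: ok ? `ALLOW-FROM: ${parent} is declared`
                          : `ALLOW-FROM: ${parent} is not the declared host` };
    }
    default:
      // Assumption: a single unrecognised value is ignored by the browser.
      return { allowed: true, reason: `unrecognised value "${directive}" ignored` };
  }
}

// Evaluate each header value for the catalogue framed inside the Neptune app.
function report() {
  const samples = [null, "DENY", "SAMEORIGIN", "ALLOW-FROM https://neptune.example.com"];
  return samples.map(v => ({ header: v, ...checkFraming(v, MDM_CATALOG, NEPTUNE_APP) }));
}
console.table(report());
```
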

Thanks Ole-Andre. That's what I was thinking; it's just that the BASIS team was telling me that the security option is not there, so I was looking for a different way, but finally they sorted it.
