Hi All,
Currently we implemented below in IIS for clickjacking
We have Apps configured in our site, which uses App.abc.sg domain, and Apps has been added in Home page.
Due to security reason, we need to add XFrame options in IIS, We added X-Frame option with value as Sameorigin, then pages where app added was throwing error because App has different domain. To solve this issue we added allow-from *.ABC.Sg now this solved the problem.
Now pages which has Apps added, started working, also sharePoint default pages which contains Iframe, like Date Control and Check permission is also working inIE
However this is not working in Chrome, Chrome pages where Apps added are working (Allow-from *.ABC.sg) however sharepoint default pages where iframe is there is not working like list new form which has date control, when we click to pick date it throws date error, check permission is also having iframe which is not working.
So for Chrome which X-Frame option we can use, which should work for allow-from *.abc.sg and sameorigin can work.
Thanks
Suyog M
Please mark answer , if you think answer is helpful or correct.