Silverlight has a security feature similar to ‘crossdomain.xml’. It too is often noticeable as a large number of HTTP 404 errors for a file named ‘clientaccesspolicy.xml’ in my webserver logs.
The simplest solution to the 404s that also restricts Silverlight is to add an empty file at the root of your websites.
I’ve run into this a few times as my web applications got larger. Often this has been seen when builds automated by Jenkins start failing as they increase in size. It has also happened to me when doing manual deployments, as the Jenkins WAR itself is larger than 50MB lately.
Let’s just go in and increase the maximum expected file size…
This change should work on any platform, but the following is from my experience with Ubuntu.
sudo vi /opt/tomcat7/webapps/manager/WEB-INF/web.xml
<!-- 50MB -->
Change to something a bit larger (to your liking):
<!-- 50MB max 52428800, 100MB = 104857600 -->
Restart with either…
sudo /etc/init.d/tomcat7 restart
sudo service tomcat7 restart
Several mechanisms to defend against cross-domain forgeries were added in MSIE8, Mozilla Firefox 3.6.9, Apple Safari 4, and Google Chrome 2.
You can add the X-Frame-Options header to your website to make sure it is not embedded in a frame or iframe. This avoids clickjacking.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a “<frame>” or “<iframe>”. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
NOTE: “ALLOW-FROM” is supported in some browsers
You can explicitly set this value for Apache HTTP in the httpd.conf file, in your .htaccess files, or have the application itself code it into the page(s).
For example, add this to the Apache config file:
Header always set X-Frame-Options DENY
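
To confirm what a site actually sends after the change, the response headers can be audited. The following is an added example, not code from the original post: the function names (audit_xfo, audit_all), the verdict labels and the sample header lists (including partner.example) are constructed for illustration. It flags a missing header, conflicting values sent by two layers, ALLOW-FROM, and mistyped tokens.

```python
# Added example: audit X-Frame-Options in captured response headers.
# The header lists below are constructed samples, not real captures.

def audit_xfo(headers):
    """Classify framing protection from a list of (name, value) header pairs.

    Duplicates are kept in the list because two X-Frame-Options headers
    (e.g. one from the application, one from the web server) are a
    misconfiguration that a dict would hide.
    """
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            # Intermediaries may fold repeated headers into "a, b".
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    if not values:
        return "missing"       # nothing stops the page being framed
    distinct = set(values)
    if len(distinct) > 1:
        return "conflict"      # fix the config so exactly one value is sent
    value = distinct.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "ok"
    if value.startswith("ALLOW-FROM "):
        return "partial"       # per the NOTE above: only some browsers
    return "invalid"           # unknown token, e.g. a typo


SAMPLES = {
    "home 200": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
    "error 404": [("Content-Type", "text/html")],
    "app + server": [("X-Frame-Options", "SAMEORIGIN"), ("x-frame-options", "deny")],
    "folded": [("X-Frame-Options", "DENY, SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "typo": [("X-Frame-Options", "SAME-ORIGIN")],
}

def audit_all(samples=SAMPLES):
    """Return {label: verdict} for every sample response."""
    return {label: audit_xfo(h) for label, h in samples.items()}

if __name__ == "__main__":
    for label, verdict in audit_all().items():
        print(f"{label:14} {verdict}")
```

Run it against error pages as well as normal pages, since those are the responses most likely to come back without the header.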