Talk:Clickjacking Protection for Java EE

From OWASP
Revision as of 06:49, 30 June 2011 by Rikard Jespersen (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

I have implemented this in tomcat 5.5.31 but I didn't get it to work. First I got an error that the java version was wrong. So I recompiled the class using the same sdk version I use for the tomcat. This removed the error messages and everything looks dandy. Problem is that the sites are still "framable" in both Internet Explorer 8 and Firefox 5. Clearly I'm doing something wrong but I can't just seem to figure out what.

Is there a way to check if the headers are being sent out as suppossed to, or any other test to check what I'm doing wrong?