ThinClientFraming

Restricts the locations within which the thin client pages may be placed within an iframe.

Accepted values:

'none':

Quotes included, this specifies nothing may place the thin clients within an iframe.

'self':

Quotes included, this specifies only VTScada itself may place the thin client within an iframe. This requires protocol scheme and port numbers on the system to be identical.

A space separate list of hosts:

No quotes should be present. This list of hosts will be allowed to place the thin client within an iframe. The list format follows that accepted by Content-Security-Policy headers.

 

The recommended value is 'none', which offers the greatest level of protection. If a list of hosts is specified, they should be as restrictive as possible for the application to ensure malicious sources can not conduct UI redress attacks.

 

Section: System

Default: ThinClientFraming = 'none'

Part of Setup.INI, in your installation folder.
This property is not part of the Application Configuration dialog.