Hello Experts,
Is it recommended to modify the web.config file of Microsoft Dynamics CRM? Our network infrastructure team has asked to modify the web.config file of CRM to avoid 'ClickJacking Vulnerability'. They have proposed to add "X-Frame Option Header" in the web.config file under <system.WebServer> tags wherever found. We can find the <system.WebServer> tag appearing many times in the web.config file but are reluctant to make changes to the web.config.
Can anyone suggest if it is recommended or not? Does Microsoft Dynamics CRM provide enough security to avoid 'ClickJacking Vulnerability'?
*This post is locked for comments
Hello,
Is there a web.config for dynamics 365 online? The problem I am facing is that my entity primary keys contain colons and I cannot retrieve them via the GET method. Regards
making changes to web.config is not supported
by the way, a clickjacking vulnerability inside a CRM OnPremise can only be inserted voluntarily by a System Administrator/System Customizer (the roles they have the capacity to add jscript or iframes inside crm) so I don't think you need to update the web.config
André Arnaud de Cal...
291,965
Super User 2025 Season 1
Martin Dráb
230,836
Most Valuable Professional
nmaenpaa
101,156