System wide security settings
Requirements towards security can vary greatly depending on the institution. Use the security settings to configure the necessary security level while taking the associated risk into account.
Prevent embedding in frames: Select this security feature to prevent OpenOLAT from being loaded in a HTML frame or iFrame. By doing this possible Cross-Frame-Scripting attacks (XFS) will be prevented. If you enable this feature it is no longer possible to embedd OpenOLAT in an existing website using frames.
Block wiki resources: Select this security feature to disable the wiki resources system wide. At this time the wiki component is still prone to Cross-Site-Scripting attacks (XSS). When this feature is enabled, the wiki resources in OpenOLAT can no longer be used. When disabled, the wiki can be used with the risk of an XSS attack. However, since the wiki has an automatic revision mechanism it will be difficult for attackers to hide after an attack.
Force file download in folders: Select this security setting to always dowload files from folders and never open them directly in the browser. This prevents possible Cross-Site-Scripting attacks (XSS). When this feature is enabled all documents are downloaded as files and will not be displayed in the browser directly, including HTML documents. This behavior does not apply to the course element "single page".