Security
The security requirements may vary depending on the institution. In the system-wide security settings you can therefore set the required level of security, taking into account the risks involved.
Configuration tab
Force file download to folder: Select this security function to always download files in the folder component and never open them directly in the browser. This prevents any cross-site scripting (XSS) attacks. If this function is activated, HTML pages stored in folders are also downloaded as files and no longer opened directly in the browser. The course element “HTML page” is not affected by this mechanism.
Prevent frame embedding: Select this security function to prevent OpenOlat from loading in a frame or iFrame. This prevents any cross-frame scripting attacks (XFS). If this function is activated, you cannot embed OpenOlat in an existing website using frames.
Tab Content security policy log
Tab Media Server
The media servers released for OpenOlat can be defined here.