Fork me on GitHub

You are not logged in. Please login or register.

Development

Download

Tickets

Milestones

Subscribe 2

Ticket #996 (fixed bug)

Prevent clickjacking attacks

  • Created: 2014-11-15 14:03:18
  • Reported by: Franz
  • Assigned to: quy
  • Milestone: 1.5.8
  • Component: security
  • Priority: high

As far as I understand, this should be possible by sending the following header along with all responses:

Content-Security-Policy: frame-ancestors 'self'

History

Franz 2014-11-17 22:37:02

Alternative: Setting the "X-Frame-Options" header to "sameorigin".

quy 2014-11-24 02:51:58

  • Owner set to quy.

X-Ref: http://www.troyhunt.com/2013/05/clickja … ht-in.html

quy 2014-11-24 04:51:07

Commit c0e7549 to fluxbb 1.5-next

#996: Send X-Frame-Options header to prevent clickjacking attaks

Franz 2014-11-25 09:21:10

Commit 5521b0b to fluxbb 1.5-next

Merge pull request #123 from Quy/996-xfo

#996: Send X-Frame-Options header to prevent clickjacking attacks

quy 2014-11-25 19:14:19

  • Status changed from open to fixed.