Ticket #996 (fixed bug)
Prevent clickjacking attacks
- Created: 2014-11-15 14:03:18
- Reported by: Franz
- Assigned to: quy
- Milestone: 1.5.8
- Component: security
- Priority: high
As far as I understand, this should be possible by sending the following header along with all responses:
Content-Security-Policy: frame-ancestors 'self'