2011-10-01 10:07:16 |
François Marier |
description |
To prevent ClickJacking, we should set the X-Frame-Options to Deny for everything that returns HTML:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_Malicious_Site_Framing_.28ClickJacking.29
We'll need to make sure we don't set it on the dynamic resizer / resolver though. |
To prevent ClickJacking, we should set the X-Frame-Options to Deny for everything that returns HTML:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_Malicious_Site_Framing_.28ClickJacking.29
https://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
We'll need to make sure we don't set it on the dynamic resizer / resolver though. |
|
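One way to apply the header as the report describes, shown as an added example that is not part of the original bug report or the project's own code. It assumes a WSGI application (the report names no framework); the `/resize/` and `/resolve/` prefixes and `demo_app` are hypothetical stand-ins for the dynamic resizer / resolver and the site.

```python
# Added example: standard-library WSGI middleware.
# EXEMPT_PREFIXES are hypothetical paths standing in for the resizer/resolver.
EXEMPT_PREFIXES = ("/resize/", "/resolve/")
HTML_TYPES = ("text/html", "application/xhtml+xml")


def is_html(headers):
    """True when the Content-Type header names an HTML media type."""
    for name, value in headers:
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower() in HTML_TYPES
    return False


class FrameOptionsMiddleware:
    """Add X-Frame-Options: DENY to HTML responses outside exempt paths."""

    def __init__(self, app, exempt_prefixes=EXEMPT_PREFIXES):
        self.app = app
        self.exempt_prefixes = tuple(exempt_prefixes)

    def __call__(self, environ, start_response):
        exempt = environ.get("PATH_INFO", "").startswith(self.exempt_prefixes)

        def patched(status, headers, exc_info=None):
            if not exempt and is_html(headers):
                # Drop any upstream value so exactly one header is sent.
                headers = [(k, v) for k, v in headers
                           if k.lower() != "x-frame-options"]
                headers.append(("X-Frame-Options", "DENY"))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched)


def demo_app(environ, start_response):
    """Constructed sample app: HTML everywhere except /robots.txt."""
    plain = environ["PATH_INFO"] == "/robots.txt"
    ctype = "text/plain" if plain else "text/html; charset=utf-8"
    start_response("200 OK", [("Content-Type", ctype)])
    return [b"ok"]


def response_headers(app, path):
    """Call a WSGI app for `path`; return its headers as (name, value) pairs."""
    captured = []
    body = app({"REQUEST_METHOD": "GET", "PATH_INFO": path},
               lambda status, headers, exc_info=None: captured.extend(headers))
    list(body)
    return captured
```

Keying on the response `Content-Type` covers HTML error pages as well as normal views, while the path check keeps the header off the exempt endpoints whatever they return.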