ClickJacking

By | 2016 年 5 月 4 日

Example

Attacker embedded your pages into another page in a <frame> tag, and there is a transparent layer on top of your button or link. And it will receive the user click instead of your button. Then navigate user to some other places.

Solution

Using <X-Frame-Options> ;
Using Content-Security-Policy

Reference

https://en.wikipedia.org/wiki/Clickjacking

发表评论

电子邮件地址不会被公开。 必填项已用*标注