Pathik Parikh
Reputation: 11
SailsJS clickJacking is working for api calls and redirects but when using curl command it does not show X-Frame-options in return details
I have angular/Node/Sails setup and when I call the site it always redirects to a default state and all the calls in network have X-Frame-Options turned on and displayed in the calls but when I am trying to use comand curl -v https://{SiteURL}/ in the command details it does not list X-Frame-Option at all.
Also, If I use curl -v https://{SiteURL}/{DefaultState} it has X-Frame-Options header defines in the detail it returns.
I am using the clickJacking solution mentions on sailsJS document link mentions below. https://sailsjs.com/documentation/concepts/security/clickjacking
I was expecting it would work out of the box by anyway we test it.
Upvotes: 1
Views: 39
Answers (0)
Related Questions
- Sails, React and Axios Error with CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
- why strapi using cloudinary as a cloud storage does not return images link onteh api calls
- X-Frame-Options: DENY is not working for spring boot REST API
- Refused to display 'URL' in a frame because it set 'x-frame-options' is set to 'deny'. But i am not using iFrame
- OWASP security guideline to protect restapi against clickjacking, are they acurate?
- Content Security Policy 'frame ancestors' directive not working in <meta> element
- AngularJS - href redirect to same domain cause page display before data are ready
- Http post with angular 2, cant set session on post
- Function calls another function but does not wait for return value?