Nikhilesh Gurjar
Reputation: 1
How to Prevent Clickjacking Attacks in React website?
Unable to resolve the clickjacking issue in react website. I have tested this in clickjacking.io.
- frame busting
<script>
if (self !== top) {
top.location = self.location;
}
</script>
- Security Header
<meta http-equiv="X-Frame-Options" content="SAMEORIGIN" />
<meta
http-equiv="Content-Security-Policy"
content="frame-ancestors 'self' https://admin.nutrition.huskwellness.com"
/>
- helmet used on the server side
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'", "'unsafe-inline'"],
},
})
);
app.use(helmet.frameguard({ action: "deny" }));
app.use(helmet.xssFilter());
app.use(helmet.noSniff());
app.use(helmet.referrerPolicy({ policy: "same-origin" }));
app.use(helmet.permittedCrossDomainPolicies())
Tried this methods but still the site can be framed in iframe.
Upvotes: 0
Views: 294
Answers (0)
Related Questions
- How can I prevent SQL injection in PHP?
- What are these three dots in React doing?
- Loop inside React JSX
- How to get GET (query string) variables in Express.js on Node.js?
- How to programmatically navigate using React Router?
- How do I conditionally add attributes to React components?
- How does Content Security Policy (CSP) work?
- X-Frame-Options: ALLOW-FROM in firefox and chrome
- Implementing Checkmarx suggested clickjacking fix introduces high severity Client DOM XSS vulnerability