Reputation: 89
Preventing clickjacking vulnerability from client side
What other options do I have to prevent clickjacking, I am looking for possible solutions that can work on the codebase not server side.
I am working on an angular project and have tried these,
setting "X-Frame-Options": to "sameorigin" and even "deny" and also http-equiv="Content-Security-Policy". content="default-src 'self'; frame-ancestors 'self';" and also
but this error is always shown, they my sit still gets loaded on a frame.
The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
I have also tried to check for window-top against window-self and if it does not match sop that screen from opening further.
The idea here is that I do not want to make any of these changes server side, but on the code level. If there are related questions or one that works please also help with directions there, or the question is not clear kindly comment and I will try and give more descriptions.
Upvotes: -1
Views: 46
Answers (0)
Related Questions
- X-Frame-Options: ALLOW-FROM in firefox and chrome
- How does the SQL injection from the "Bobby Tables" XKCD comic work?
- Implementing Checkmarx suggested clickjacking fix introduces high severity Client DOM XSS vulnerability
- Refused to display in a frame /ancestor violates
- OWASP security guideline to protect restapi against clickjacking, are they acurate?
- To stop ClickJacking, which one is more secure? breaking out of iframe vs X-Frame-Options to Deny or Same Origin