The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for April 29th, 2015

The Clickjacking attack, X-Frame-Options

Posted by jpluimers on 2015/04/29

Front-end web development isn’t my core area of expertise, but every now and then I am slightly more than the usual spectator and do get involved.

In this case, it was about helping to prevent the Clickjacking attack by using the X-Frame-Options response header from RFC 7034.

Lots of people seem to have questions about it: Highest Voted ‘x-frame-options’ Questions – Stack Overflow.

So, from The X-Frame-Options response header:

There are three possible values for X-Frame-Options:

DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.
ALLOW-FROM uri
The page can only be displayed in a frame on the specified origin.
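As an added example (not part of the original post or of the quoted documentation), the following sketch models how the three values decide whether one page may frame another, so a header value can be checked before it is deployed. The function names and sample URLs are made up for illustration; it assumes a single framing page and treats an unrecognised value as giving no protection.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) origin of a URL, filling in default ports."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))

def parse_xfo(value):
    """Parse one X-Frame-Options value into (directive, allowed_origin)."""
    tokens = value.strip().split(None, 1)
    if not tokens:
        return ("INVALID", None)
    directive = tokens[0].upper()          # the value names are case-insensitive
    if directive in ("DENY", "SAMEORIGIN") and len(tokens) == 1:
        return (directive, None)
    if directive == "ALLOW-FROM" and len(tokens) == 2:
        return (directive, origin(tokens[1]))
    return ("INVALID", None)               # typo, extra tokens, or missing uri

def may_frame(xfo_value, page_url, framing_url):
    """Decide whether framing_url may display page_url in a frame."""
    directive, allowed = parse_xfo(xfo_value)
    if directive == "DENY":
        return False                       # no framing, regardless of the site
    if directive == "SAMEORIGIN":
        return origin(page_url) == origin(framing_url)
    if directive == "ALLOW-FROM":
        return origin(framing_url) == allowed
    # Assumption: an unrecognised value is ignored, so the page is unprotected.
    return True

# Constructed sample cases: (header value, framed page, framing page)
CASES = [
    ("DENY", "https://app.example/pay", "https://app.example/home"),
    ("sameorigin", "https://app.example/pay", "https://app.example:443/home"),
    ("SAMEORIGIN", "https://app.example/pay", "http://app.example/home"),
    ("ALLOW-FROM https://partner.example/", "https://app.example/pay",
     "https://partner.example/embed"),
    ("SAME-ORIGIN", "https://app.example/pay", "https://other.example/"),
]

if __name__ == "__main__":
    for value, page, framer in CASES:
        verdict = "framing allowed" if may_frame(value, page, framer) else "blocked"
        print(f"{value!r:40} {framer:35} -> {verdict}")
```

The last sample case shows the failure mode worth testing for: a misspelled value such as `SAME-ORIGIN` matches none of the three values and leaves the page frameable by any site.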

–jeroen

via:

Posted in Development, Software Development, Web Development

 