The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for April 29th, 2015

The Clickjacking attack, X-Frame-Options

Posted by jpluimers on 2015/04/29

Front-end web development isn’t my core area of expertise, but every now and then I am slightly more than the usual spectator and do get involved.

In this case it was about helping to prevent the Clickjacking attack by using the X-Frame-Options response header from RFC 7034.

Lots of people seem to have questions about it: Highest Voted ‘x-frame-options’ Questions – Stack Overflow.

So, from The X-Frame-Options response header:

There are three possible values for X-Frame-Options:

DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.
ALLOW-FROM uri
The page can only be displayed in a frame on the specified origin.
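
An added example (not code from the original post or from RFC 7034) that models the three values above and reports which parent origins a given header value would still let frame a page. The helper names and the example.com URLs are assumptions made for illustration, and a missing or unrecognised value is treated as giving no protection.

```javascript
// Added example (hypothetical helper names): model the three documented
// X-Frame-Options values and check which parent origins a policy permits.
// ALLOW-FROM is not honoured by every browser; only its documented meaning
// is modelled here.

// Parse a header value; returns null when it is none of the three forms.
function parseXfo(value) {
  const v = String(value).trim();
  const upper = v.toUpperCase();
  if (upper === 'DENY' || upper === 'SAMEORIGIN') return { directive: upper };
  const m = /^ALLOW-FROM\s+(\S+)$/i.exec(v);
  if (!m) return null;
  try {
    return { directive: 'ALLOW-FROM', origin: new URL(m[1]).origin };
  } catch (err) {
    return null; // ALLOW-FROM followed by something that is not an absolute URI
  }
}

// Does the policy in `value` permit `pageUrl` to be framed by `parentUrl`?
// A missing or unrecognised value gives no protection, so this returns true;
// that is this example's conservative reading for audit purposes.
function framingPermitted(value, pageUrl, parentUrl) {
  const policy = value == null ? null : parseXfo(value);
  if (!policy) return true;
  const parent = new URL(parentUrl).origin;
  switch (policy.directive) {
    case 'DENY': return false;
    case 'SAMEORIGIN': return parent === new URL(pageUrl).origin;
    default: return parent === policy.origin; // ALLOW-FROM
  }
}

// Audit: list the constructed test parents that could still frame the page.
function auditFraming(value, pageUrl, parents) {
  return parents.filter((p) => framingPermitted(value, pageUrl, p));
}

// Constructed sample data (not from the original post).
const PAGE = 'https://app.example.com/settings';
const PARENTS = [
  'https://app.example.com/dashboard', // same origin as PAGE
  'https://partner.example.net/embed', // origin named in ALLOW-FROM below
  'https://other.example.org/',        // unrelated site
];
for (const v of ['DENY', 'SAMEORIGIN', 'ALLOW-FROM https://partner.example.net/', 'ALLOWALL', null]) {
  console.log(JSON.stringify(v), '->', auditFraming(v, PAGE, PARENTS));
}
```

A misspelled or made-up value such as the constructed `ALLOWALL` shows up in the output with all three parents listed, which is the case worth alerting on when auditing response headers.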

–jeroen
