Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect against clickjacking with Content-Security-Policy: frame-ancestors #64

Closed
simonw opened this issue Apr 14, 2021 · 1 comment
Closed

Protect against clickjacking with Content-Security-Policy: frame-ancestors #64

simonw opened this issue Apr 14, 2021 · 1 comment
Labels
security small

Comments

@simonw
Copy link
Owner

simonw commented Apr 14, 2021

If I care about clickjacking I should use the Content-Security-Policy: frame-ancestors 'self' header.

Originally posted by @simonw in #45 (comment)
@simonw
Copy link
Owner Author

simonw commented Apr 14, 2021
edited
Loading

Since these are read-only queries that don't send information anywhere other than the user's own browser theoretically there's no risk from clickjacking here - but I like defense in depth.

@simonw simonw changed the title Protect against clickjacking Protect against clickjacking with Content-Security-Policy: frame-ancestors Apr 14, 2021
@simonw simonw closed this as completed in 5afc7bb Apr 14, 2021
@simonw simonw added the small label Apr 14, 2021
simonw added a commit that referenced this issue Apr 14, 2021
@simonw
Release 0.8a0
1a3801e 
Refs #7, #45, #55, #64, #65
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security small
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simonw