Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development Issues Clickjacking Vulnerability Found
Clickjacking Vulnerability Found
  • Offline kilishan
    CI Project Lead
  • *******
  • Posts: 1,461
    Threads: 90
    Joined: Oct 2014
    Reputation: 120
#4
05-01-2015, 08:00 PM

As Mel9pr said, the easiest protection seems to be setting the head from a MY_Controller so that all pages send that. Or at least any pages that use frames, if I'm reading those pages correctly.

From what OWASP is saying this is not a server-side framework flaw. Instead, this is related to how your site is created. If you're not using frames, this won't be an issue. If you are, then you should include some frame-busting code (along with that header) to fix any issues. The Clickjacking Defense Cheat Sheet has all of the answers you need there.
Support Development •  CodeIgniter 4 Foundations • Practical CodeIgniter 3  • CodeIgniter Tutorials
Reply


Messages In This Thread
RE: Clickjacking Vulnerability Found - by ciadmin - 04-30-2015, 07:57 AM
RE: Clickjacking Vulnerability Found - by Mel9pr - 05-01-2015, 04:07 PM
RE: Clickjacking Vulnerability Found - by kilishan - 05-01-2015, 08:00 PM



Theme © iAndrew 2016 - Forum software by © MyBB