Skip to content

Clickjacking.md

Latest commit

 

History

History
44 lines (27 loc) · 1.08 KB

Clickjacking.md

File metadata and controls

44 lines (27 loc) · 1.08 KB

Clickjacking

Clickjacking (aka "UI redress attacks") are where an attacker manages to trick your users into triggering "unintended" UI events (e.g. DOM events.)

X-FRAME-OPTIONS

One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header.

Using lusca

lusca is open-source under the Apache license

# In your sails app
npm install lusca --save

Then in the middleware config object in config/http.js:

  // ...
  // maxAge ==> Number of seconds strict transport security will stay in effect.
  xframe: require('lusca').xframe('SAMEORIGIN')
  // ...
  order: [
    // ...
    'xframe'
    // ...
  ]

Additional Resources