Clickjacking (aka "UI redress attacks") happens when an attacker tricks your users into triggering unintended UI events (e.g. clicks or other DOM events), typically by loading your site in an invisible iframe on a page the attacker controls and positioning your buttons underneath decoy content.
X-FRAME-OPTIONS
One simple way to help prevent clickjacking is to send the X-Frame-Options response header, which tells the browser whether your pages may be rendered inside a frame: DENY forbids framing entirely, SAMEORIGIN permits it only from pages on your own origin. Newer browsers also honour the Content-Security-Policy frame-ancestors directive, which takes precedence over X-Frame-Options when both headers are present, so check both when reviewing a deployed app.
Using lusca
lusca is open-source under the Apache license
First, install lusca in your Sails app:
# In your sails app
npm install lusca --save
Then, in the middleware config object in config/http.js:
module.exports.http = {
  middleware: {
    // ...
    // xframe ==> Value of the X-Frame-Options header sent with every response.
    // 'SAMEORIGIN' lets only pages from this app's own origin frame it; use 'DENY' to forbid framing entirely.
    xframe: require('lusca').xframe('SAMEORIGIN'),
    // ...
    order: [
      // ...
      'xframe', // must be listed here (before 'router') or the middleware never runs
      // ...
    ]
  }
};
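The following is an added example, not code from the Sails documentation or from lusca. It hand-rolls a middleware with the same shape as lusca.xframe(value) so the header-setting logic can run here without installing lusca, adds the CSP frame-ancestors companion that the header above does not cover, and finishes with a checker that grades a response's headers the way you would when reviewing a live site. The names frameAncestors, runChain, assessFraming and demo are this example's own, and the three input cases are constructed.

```javascript
// Added example, not code from the Sails docs or from lusca. It shows (1) a hand-rolled
// middleware with the same shape as lusca.xframe(value), so the header-setting logic can
// run here without installing lusca, and (2) a checker that grades a response's headers
// the way you would when reviewing a live site for framing protection.

const ALLOWED_XFO = new Set(['DENY', 'SAMEORIGIN']);

// Middleware factory for X-Frame-Options. Only DENY and SAMEORIGIN are accepted:
// ALLOW-FROM was never widely supported and current browsers ignore it.
function xframe(value) {
  const v = String(value).trim().toUpperCase();
  if (!ALLOWED_XFO.has(v)) {
    throw new Error(`X-Frame-Options must be DENY or SAMEORIGIN, got "${value}"`);
  }
  return function xframeMiddleware(req, res, next) {
    res.setHeader('X-Frame-Options', v);
    next();
  };
}

// Companion middleware for the CSP frame-ancestors directive, the modern replacement:
// it can name specific trusted origins, and browsers that support it give it precedence
// over X-Frame-Options when both headers are present.
function frameAncestors(sources) {
  const list = sources.length ? sources.join(' ') : "'none'";
  return function frameAncestorsMiddleware(req, res, next) {
    res.setHeader('Content-Security-Policy', `frame-ancestors ${list}`);
    next();
  };
}

// Run a middleware chain against a stub response and return the headers it set
// (names lower-cased, as Node's http module reports them).
function runChain(middlewares, req = { url: '/' }) {
  const headers = {};
  const res = { setHeader(name, value) { headers[name.toLowerCase()] = String(value); } };
  let i = 0;
  const next = () => { if (i < middlewares.length) middlewares[i++](req, res, next); };
  next();
  return headers;
}

// Grade a response: protected if a CSP frame-ancestors directive is present and
// restrictive, or, when no such directive exists, if X-Frame-Options is DENY or SAMEORIGIN.
function assessFraming(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  const csp = headers['content-security-policy'] || '';
  const directive = csp.split(';').map((d) => d.trim()).find((d) => /^frame-ancestors(\s|$)/i.test(d));
  const sources = directive ? directive.slice('frame-ancestors'.length).trim() : null;
  const cspProtects = sources !== null && sources !== '' && sources !== '*';
  const xfoProtects = ALLOWED_XFO.has(xfo);
  return {
    protected: sources !== null ? cspProtects : xfoProtects,
    xFrameOptions: xfo || null,
    frameAncestors: sources,
  };
}

// Three constructed cases: no protection, the SAMEORIGIN setting from the config above,
// and a misconfiguration where a permissive CSP silently overrides a strict X-Frame-Options.
function demo() {
  return {
    unprotected: assessFraming(runChain([])),
    sameOrigin: assessFraming(runChain([xframe('SAMEORIGIN')])),
    cspOverridesXfo: assessFraming(runChain([xframe('DENY'), frameAncestors(['*'])])),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The third case is the one to remember when reviewing: a frame-ancestors directive of * (or one that lists the attacker's origin) wins over X-Frame-Options: DENY in any browser that understands CSP, so a strict lusca xframe setting can be undone by a looser CSP added elsewhere. Against a deployed app, fetch the headers with curl -I and run them through assessFraming rather than trusting the config file alone.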
References:
https://sailsjs.com/documentation/concepts/security/clickjacking