How can I protect my site from clickjacking?
What is clickjacking?
An attacker may trick a user by sending them a malicious link to a page that loads your site inside a frame, so that the user's clicks land on your site and allow the attacker to hijack their account.
Steps To Reproduce
- Put <iframe src="https://example.com/" frameborder="0"></iframe> into a new .html file
- Open the HTML file in a browser
Solution
Implement the CSP header to avoid these sorts of attacks.
Content-Security-Policy: frame-ancestors 'self'
This blocks every frame ancestor other than the site itself, so only pages on your own origin can embed it.
Alternatively, if you're using Laravel, you can use the spatie/laravel-csp package:
composer require spatie/laravel-csp
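To confirm that the header a site actually sends gives the protection described above, the following added example (not part of the original FAQ) classifies a Content-Security-Policy header value by what its frame-ancestors directive allows. The function names and the sample header values are constructed for illustration.

```javascript
// Added example: classify what a Content-Security-Policy header value lets
// frame the page. Function names and sample values are constructed.
const RANK = ['none', 'self', 'allowlist', 'any', 'missing']; // strict -> loose

// One header value may carry several comma-separated policies; return the
// frame-ancestors source list of each policy that has the directive.
function frameAncestorsLists(cspHeaderValue) {
  const lists = [];
  for (const policy of String(cspHeaderValue || '').split(',')) {
    const seen = new Set();
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      const key = name.toLowerCase();
      if (!key || seen.has(key)) continue; // a repeated directive is ignored
      seen.add(key);
      if (key === 'frame-ancestors') lists.push(sources.map(s => s.toLowerCase()));
    }
  }
  return lists;
}

function classifyList(sources) {
  // An empty list behaves like 'none'; 'none' next to other sources is ignored.
  const real = sources.filter(s => s !== "'none'");
  if (real.length === 0) return 'none';
  // "*" or a bare scheme such as "https:" admits essentially any framing site.
  if (real.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'any';
  return real.every(s => s === "'self'") ? 'self' : 'allowlist';
}

// Every policy must allow the ancestor, so the strictest per-policy level
// bounds the result. default-src is no fallback: no directive means 'missing'.
function framingPolicy(cspHeaderValue) {
  const levels = frameAncestorsLists(cspHeaderValue).map(classifyList);
  if (levels.length === 0) return 'missing';
  return levels.reduce((a, b) => (RANK.indexOf(a) <= RANK.indexOf(b) ? a : b));
}

const samples = [ // constructed header values
  "frame-ancestors 'self'",
  "default-src 'self'; script-src 'self'",
  "default-src 'self'; Frame-Ancestors 'none'",
  "frame-ancestors 'self' https://partner.example",
  "frame-ancestors https://partner.example *",
  "frame-ancestors *, frame-ancestors 'self'",
];
for (const s of samples) console.log(framingPolicy(s).padEnd(9), '<-', s);
```

A result of 'missing' or 'any' means the iframe test from the steps above would still render the site.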
Last updated: 2022-08-16