Security vulnerability: use X-Frame-Options header as default #105

@svenha

All Hop websites (without any special configuration) are vulnerable to clickjacking (or UI redress attack). Can we please have a default HTTP header? For example,

 X-Frame-Options: SAMEORIGIN

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
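
An added example, not part of the original issue or of Hop's own code: a JavaScript check that classifies a response's headers by whether they restrict framing. It covers the `X-Frame-Options` header requested above and, going beyond the issue, the CSP `frame-ancestors` directive. The function names and all sample header values are constructed for illustration.

```javascript
// Added example. All header values used with it are constructed samples.
function getHeader(headers, name) {
  // HTTP header names are case-insensitive.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]);
}

function frameAncestors(csp) {
  // Source list of the first frame-ancestors directive, or null when absent.
  // Repeated CSP headers arrive comma-joined, so split on ',' as well as ';'.
  for (const directive of csp.split(/[;,]/)) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingPolicy(headers) {
  const csp = getHeader(headers, 'content-security-policy');
  const sources = csp === null ? null : frameAncestors(csp);
  if (sources !== null) {
    // Browsers that implement frame-ancestors apply it instead of X-Frame-Options.
    if (sources.includes('*')) {
      return { status: 'unprotected', detail: 'frame-ancestors allows any origin' };
    }
    // An empty source list matches no origin, the same as 'none'.
    return { status: 'protected', detail: 'frame-ancestors ' + (sources.join(' ') || "'none'") };
  }
  const xfo = getHeader(headers, 'x-frame-options');
  if (xfo === null) {
    return { status: 'unprotected', detail: 'no anti-framing header' };
  }
  // Repeated headers arrive comma-joined; collapse identical values.
  const values = [...new Set(xfo.split(',').map((v) => v.trim().toUpperCase()))];
  if (values.length !== 1) {
    return { status: 'review', detail: 'conflicting X-Frame-Options values' };
  }
  if (values[0] === 'DENY' || values[0] === 'SAMEORIGIN') {
    return { status: 'protected', detail: 'X-Frame-Options ' + values[0] };
  }
  if (values[0].startsWith('ALLOW-FROM')) {
    return { status: 'unprotected', detail: 'ALLOW-FROM is obsolete' };
  }
  return { status: 'review', detail: 'unrecognised X-Frame-Options value' };
}

// Constructed sample: a response with no framing headers, as the issue describes.
console.log(framingPolicy({ 'Content-Type': 'text/html' }));
```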
