Click jacking

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 12
Karma: 80
Joined: 11/10/2016
Location: Denmark

Posted: 6 years ago

To prevent click jacking, Nopcommerce should use X-FRAME-OPTIONS: SAME-ORIGIN.

Implementation is easy, and can be seen here.
https://dotnetcoretutorials.com/2017/01/08/set-x-frame-options-asp-net-core/

Also browser xss should be considered.
https://dotnetcoretutorials.com/2017/01/10/set-x-xss-protection-asp-net-core/

ytrewq

Total Posts: 12
Karma: 80
Joined: 11/10/2016
Location: Denmark

Posted: 6 years ago

also frame-ancestors

https://content-security-policy.com/

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.