Created
November 30, 2015 16:51
Quick snippet on defending against clickjacking / UI Redress attacks - https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
<?php
// Send X-Frame-Options: DENY so browsers that support it refuse to render this page inside any frame.
// header() must be called before any output (including whitespace before the opening PHP tag),
// otherwise the header is silently not sent.
header('X-Frame-Options: DENY');
?>
<!-- Fallback frame-busting (the OWASP pattern): hide the body by default and only reveal it
     when this window is the top-level window. If the page has been framed, navigate the top
     window to this page instead. -->
<style id="antiClickjack">
    body{display:none !important;}
</style>
<script type="text/javascript">
    if (self === top) {
        // Not framed: remove the hiding stylesheet so the page renders normally.
        var antiClickjack = document.getElementById("antiClickjack");
        antiClickjack.parentNode.removeChild(antiClickjack);
    } else {
        // Framed: break out of the frame.
        top.location = self.location;
    }
</script>
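The real protection in the snippet is the response header; the script is only a fallback, and the OWASP cheat sheet linked above notes that a framing page can neutralise it with `<iframe sandbox="allow-scripts">` (no `allow-top-navigation`), which lets the script run but blocks the `top.location` assignment. Current browsers also honour the `Content-Security-Policy` `frame-ancestors` directive, which takes precedence over `X-Frame-Options` when both are present, while `X-Frame-Options: ALLOW-FROM` is obsolete and ignored. The checker below is an added example, not part of the original gist: it takes a response's headers and reports whether cross-origin framing is blocked, applying that precedence. The header sets at the bottom are constructed for illustration; `assessFramingProtection` and the other function names are this example's own.

```javascript
// Added example, not code from the original gist: decide from a response's headers
// whether the page can be framed cross-origin. CSP frame-ancestors is checked first
// because browsers ignore X-Frame-Options when that directive is present.

function parseCsp(value) {
  // Returns {directive: [source expressions]}; the first occurrence of a directive wins.
  const out = {};
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in out)) out[name] = tokens.slice(1);
  }
  return out;
}

function assessFrameAncestors(sources) {
  const s = sources.map((x) => x.toLowerCase());
  if (s.length === 0 || s.includes("'none'")) {
    return { protected: true, level: "deny", reason: "frame-ancestors 'none' blocks all framing" };
  }
  // A bare wildcard or scheme-only source lets any origin of that scheme frame the page.
  const wideOpen = s.find((x) => x === "*" || x === "http:" || x === "https:");
  if (wideOpen) {
    return { protected: false, level: "any", reason: `frame-ancestors ${wideOpen} allows any origin` };
  }
  if (s.every((x) => x === "'self'")) {
    return { protected: true, level: "sameorigin", reason: "frame-ancestors 'self' allows same-origin framing only" };
  }
  return { protected: true, level: "allowlist", reason: `framing allowed only from: ${sources.join(" ")}` };
}

function assessXFrameOptions(value) {
  const values = [...new Set(value.split(",").map((v) => v.trim().toLowerCase()).filter(Boolean))];
  if (values.length !== 1) {
    // Empty or conflicting values: browsers differ, so flag the header for fixing.
    return { protected: false, level: "invalid", reason: `conflicting or empty X-Frame-Options "${value}"` };
  }
  const v = values[0];
  if (v === "deny") return { protected: true, level: "deny", reason: "X-Frame-Options: DENY" };
  if (v === "sameorigin") return { protected: true, level: "sameorigin", reason: "X-Frame-Options: SAMEORIGIN" };
  if (v.startsWith("allow-from")) {
    return { protected: false, level: "invalid", reason: "ALLOW-FROM is obsolete and ignored; use CSP frame-ancestors" };
  }
  return { protected: false, level: "invalid", reason: `unrecognised X-Frame-Options value "${value}"` };
}

function assessFramingProtection(headers) {
  // headers: plain object of response header name -> value; names are matched case-insensitively.
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  // Content-Security-Policy-Report-Only never enforces, so it is deliberately not consulted.
  const csp = h["content-security-policy"];
  if (csp) {
    const d = parseCsp(csp);
    if ("frame-ancestors" in d) return { source: "csp", ...assessFrameAncestors(d["frame-ancestors"]) };
  }
  if (h["x-frame-options"] !== undefined) {
    return { source: "x-frame-options", ...assessXFrameOptions(h["x-frame-options"]) };
  }
  return {
    source: null, protected: false, level: "none",
    reason: "no frame-ancestors or X-Frame-Options; script frame-busting alone is defeated by a sandboxed iframe",
  };
}

// Constructed sample header sets (not captured from any real site).
const SAMPLES = {
  gist: { "X-Frame-Options": "DENY" },   // what the PHP snippet above sends
  hardened: { "X-Frame-Options": "SAMEORIGIN",
              "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  allowlist: { "Content-Security-Policy": "frame-ancestors 'self' https://partner.example" },
  reportOnly: { "Content-Security-Policy-Report-Only": "frame-ancestors 'none'" },
  obsolete: { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
};

function assessSamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([n, hdr]) => [n, assessFramingProtection(hdr)]));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, r] of Object.entries(assessSamples())) {
    console.log(`${name.padEnd(10)} ${r.protected ? "OK " : "BAD"} [${r.source ?? "-"}/${r.level}] ${r.reason}`);
  }
}
```

Run it with `node` to print one line per sample; feed `assessFramingProtection` the headers from a real response (for example from `fetch(...).headers`) to check a deployment. The `hardened` sample shows the precedence rule: its `X-Frame-Options: SAMEORIGIN` is never consulted because `frame-ancestors 'none'` decides.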