18 Clickjacking

This chapter covers

  • Configuring the X-Frame-Options header
  • Configuring the frame-ancestors CSP directive

This short chapter explores clickjacking and wraps up the book. The term clickjacking is a blend of the words click and hijacking. Clickjacking is initiated by luring the victim to a malicious web page. The victim is then baited into clicking a harmless-looking link or button. The click event is hijacked by the attacker and propagated to a different UI control from another site. The victim may think they are about to win an iPhone, but they are actually sending a request to another site they previously logged in to. The state change of this unintentional request is the attacker’s motive.
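One check a defender can run over a response's headers, as an added example that is not from the book: it classifies the framing protection given by the two controls this chapter covers and applies the browser rule that a CSP frame-ancestors directive takes precedence over X-Frame-Options. The `headers` dict is assumed to come from any HTTP client; the function name is this example's own.

```python
# Added example (not from the book): classify a response's anti-framing
# headers. `headers` is assumed to be a dict of response headers.

def framing_policy(headers):
    """Return 'blocked', 'same-origin', 'allow-list' or 'unprotected'.

    Browsers that support the CSP frame-ancestors directive ignore
    X-Frame-Options when both are present, so CSP is evaluated first.
    """
    # Header names are case-insensitive, so normalise them for lookup.
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            # Source expressions like 'none' and 'self' are quoted in CSP.
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "blocked"
            if sources == ["self"]:
                return "same-origin"
            # Any other list of origins permits framing by those origins only.
            return "allow-list"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers; a missing or
    # unrecognised value leaves the page frameable from any origin.
    return "unprotected"


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real site.
    sample = {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
    }
    print(framing_policy(sample))  # CSP wins: same-origin
```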

Suppose Charlie has just finished ...
