Protect Ory Docs against Clickjacking Attacks #1826

Open
tricky42 opened this issue Aug 13, 2024 · 1 comment

@tricky42
Contributor

To protect against Clickjacking Attacks, it is best practice to:

Full details can be found here: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html

Current Status

  • CSP Headers: not set
  • x-frame-options: not set

For the CSP headers, we need to define all aspects, not only frame-ancestors, and have a report-only testing phase. @vinckr I don't think we are currently embedding the docs somewhere else via iframes, or?

@vinckr
Member

vinckr commented Aug 13, 2024

No, we aren't embedding the docs anywhere at the moment.
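
The header states discussed in this thread (nothing set, a report-only CSP phase, then enforcement), as an added example that is not part of the issue or of Ory's code: a Node.js check that reports whether a set of response headers actually blocks framing. `auditFraming`, `frameAncestors`, the sample header sets and the `/csp-report` path are constructed for illustration.

```javascript
// Added example: audit response headers for anti-framing (clickjacking) protection.
// Function names and sample header sets are hypothetical, not taken from the project.

// Return the source list of the first frame-ancestors directive in a CSP value, or null.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const part of csp.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function auditFraming(rawHeaders) {
  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);

  const enforced = frameAncestors(h["content-security-policy"]);
  const reportOnly = frameAncestors(h["content-security-policy-report-only"]);
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  const xfoOk = xfo === "DENY" || xfo === "SAMEORIGIN"; // ALLOW-FROM is obsolete

  const findings = [];
  if (enforced && enforced.includes("*")) findings.push("frame-ancestors allows any origin");
  if (!enforced && reportOnly) {
    findings.push("frame-ancestors is report-only: violations are reported, not blocked");
  }
  if (xfo && !xfoOk) findings.push(`X-Frame-Options "${xfo}" is not honoured by current browsers`);

  // An empty source list is equivalent to 'none', so any enforced list without * protects.
  const cspProtects = enforced !== null && !enforced.includes("*");
  if (!cspProtects && !xfoOk) findings.push("no enforced anti-framing header");
  const via = cspProtects ? "csp" : xfoOk ? "x-frame-options" : null;
  return { protected: cspProtects || xfoOk, via, findings };
}

// Constructed samples mirroring the rollout described in the thread.
const samples = {
  current: {},
  reportOnlyPhase: {
    "Content-Security-Policy-Report-Only":
      "default-src 'self'; frame-ancestors 'none'; report-uri /csp-report",
  },
  enforcedTarget: {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
  },
};
for (const [name, headers] of Object.entries(samples)) console.log(name, auditFraming(headers));
```

During the report-only phase the page is still frameable, so an enforced `X-Frame-Options` header can cover that window.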
