Clickjacking – Java Secure Coding
Method #1: Adding the X-Frame-Options HTTP header

// to prevent all framing of this content
response.addHeader( "X-FRAME-OPTIONS", "DENY" );

// to allow framing of this content only by this site
response.addHeader( "X-FRAME-OPTIONS", "SAMEORIGIN" );
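One way to apply Method #1 to every response instead of setting the header servlet by servlet, shown as an added example that is not code from the original page: a servlet filter, assuming the javax.servlet API (on Jakarta EE 9+ the imports become jakarta.servlet). The class name FrameOptionsFilter and the init-param name "mode" are hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Sets X-Frame-Options on every HTTP response that passes through the filter. */
public class FrameOptionsFilter implements Filter {

    // "mode" is a hypothetical init-param name chosen for this example.
    private static final String MODE_PARAM = "mode";
    private String mode = "DENY"; // default: no framing at all

    @Override
    public void init(FilterConfig config) throws ServletException {
        String configured = config.getInitParameter(MODE_PARAM);
        if (configured == null || configured.trim().isEmpty()) {
            return; // keep the DENY default
        }
        String value = configured.trim().toUpperCase(Locale.ROOT);
        // Fail at deployment on a typo rather than send a value browsers ignore.
        if (!value.equals("DENY") && !value.equals("SAMEORIGIN")) {
            throw new ServletException("Unsupported X-Frame-Options mode: " + configured);
        }
        mode = value;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set the header before chain.doFilter(): once the response is
            // committed, header changes are ignored. setHeader (not addHeader)
            // replaces any value set earlier in the chain.
            ((HttpServletResponse) res).setHeader("X-Frame-Options", mode);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Map the filter to `/*` in web.xml so that error pages and static resources served by the application carry the header as well.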
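Method #2: Including frame-busting code

<style>
  /* hide the page until the script below confirms it is not framed */
  html { display: none; }
</style>
<script>
  if (self == top) {
    // not framed: reveal the page
    document.documentElement.style.display = 'block';
  } else {
    // framed: navigate the top-level window to this page
    top.location = self.location;
  }
</script>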
References
https://www.owasp.org/index.php/Clickjacking_Protection_for_Java_E