In principle, returning the right header, "X-Frame-Options: Deny", should be enough. See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Unless we think that breaks things :)

On 14 November 2014 21:57, Dotclear (contact) <[email protected]> wrote:
> We'll have to look into this at some point.
>
> ---------- Forwarded message ----------
> From: Narendra Bhati <[email protected]>
> Date: 2014-11-14 16:54 GMT+01:00
> Subject: Click Jacking Vulnerability
> To: [email protected]
>
> Respected Authorities
>
> While looking in your CMS I found that it's vulnerable to click jacking
> attack
>
> see here for more info on clickjacking -
> https://www.owasp.org/index.php/Clickjacking
>
> --
> Narendra Bhati "CEH" ( Facebook
> <http://www.facebook.com/narendradewsoft> , Twitter
> <http://www.twitter.com/NarendraBhatiB> , LinkedIn
> <https://www.linkedin.com/profile/view?id=115146074> , Personal Blog
> <http://hacktivity.websecgeeks.com> )
> Security Analyst - IT Risk & Security Management Services
> Suma Soft Pvt. Ltd. | Suma Center | Near Mangeshkar Hospital | Erandawane
> Pune: 411004 | +919923397301
>
> --
> Dotclear Team
> --
> Dev mailing list - [email protected] -
> http://ml.dotclear.org/listinfo/dev

--
Dev mailing list - [email protected] - http://ml.dotclear.org/listinfo/dev
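
A way to verify the header fix suggested in the reply above once it is deployed, as an added example that is not part of the original thread or of Dotclear's code. It audits only the `X-Frame-Options` header the thread names; the function names and the sample responses are constructed for illustration.

```python
# Added example: audit a response's headers for the X-Frame-Options fix.
# Sample responses are constructed, not captured from a real Dotclear site.

def xfo_values(raw_response):
    """Collect every X-Frame-Options value from the header block."""
    values = []
    for line in raw_response.splitlines()[1:]:       # skip the status line
        if not line:                                 # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # Repeated headers are often merged into one comma-joined value.
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values

def audit(raw_response):
    """Return (status, explanation) for the framing policy this header sets."""
    values = xfo_values(raw_response)
    if not values:
        return "missing", "X-Frame-Options absent: this header does not restrict framing"
    if len(set(values)) > 1:
        return "conflict", "conflicting values sent: " + ", ".join(values)
    value = values[0]                                # values are case-insensitive
    if value == "deny":
        return "ok", "framing refused for every origin"
    if value == "sameorigin":
        return "ok", "framing allowed only from the same origin"
    if value.startswith("allow-from"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    return "invalid", "unrecognised value %r is ignored by browsers" % value

HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "fixed":   HEAD + "X-Frame-Options: Deny\r\n\r\n",
    "unfixed": HEAD + "\r\n<html>X-Frame-Options: DENY</html>",
    "typo":    HEAD + "X-Frame-Options: SAME-ORIGIN\r\n\r\n",
    "doubled": HEAD + "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "legacy":  HEAD + "X-Frame-Options: ALLOW-FROM https://example.org\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, audit(response))
```

The `typo` and `doubled` cases are the ones a manual look at the headers tends to miss: the header is present, but the value is either not one browsers recognise or contradicts itself.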
