Click Jacking
#1
I have tried googling the answer, but I cannot seem to find anything.

Does IntraWeb have built-in defenses against click jacking? Or is this something that I have to implement?
#2
IntraWeb has all the features (built-in) used to prevent this type of attack:

1- You can prevent IW from running inside an IFrame by setting ServerController.SecurityOptions.AllowInIFrame := False;

2- Using ServerController.CookieOptions.SameSite := ssoStrict;

3- Using CSP response headers is also possible. IW won't add any CSP headers by default, but there are plenty of possibilities (and events) for you to inject any CSP header that you need.

I believe that preventing the IW application from running in frames would be enough to prevent such an attack.
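The three settings listed in the answer above all come down to response headers that the browser enforces. As an added example, not code from IntraWeb or from anyone in this thread, here is a small Python audit that checks a captured HTTP response for a framing restriction (an X-Frame-Options header or a CSP frame-ancestors directive, the kind of CSP header item 3 talks about) and for SameSite=Strict on the session cookie (item 2). The sample responses and the cookie name EXAMPLE_SESSION are constructed for the example; they are not captured from an IntraWeb server, and the thread does not say which header the IntraWeb option emits, so the check accepts either mechanism.

```python
# Added example, not IntraWeb code: audit a response's headers for the two
# clickjacking-related settings discussed in the thread (framing restriction
# and SameSite=Strict on the session cookie). All sample data is constructed.
from http.cookies import SimpleCookie
from typing import List, Optional, Tuple

# Header list rather than dict, because Set-Cookie may repeat.
Headers = List[Tuple[str, str]]


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Sources listed in the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def cross_origin_framing_blocked(headers: Headers) -> bool:
    """True if no foreign origin may embed the page in a frame.

    A frame-ancestors directive, when present, takes precedence over
    X-Frame-Options; otherwise DENY or SAMEORIGIN blocks foreign framing.
    """
    lower = {name.lower(): value for name, value in headers}
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # Only 'none' and 'self' keep third-party origins out; any host
            # listed here is allowed to frame the page.
            return all(src in ("none", "self") for src in sources)
    xfo = lower.get("x-frame-options", "").strip().upper()
    return xfo in ("DENY", "SAMEORIGIN")


def session_cookie_samesite_strict(headers: Headers, cookie_name: str) -> bool:
    """True if the named cookie is issued with SameSite=Strict."""
    jar = SimpleCookie()
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar.load(value)
    morsel = jar.get(cookie_name)
    return morsel is not None and morsel["samesite"].lower() == "strict"


def audit(headers: Headers, cookie_name: str = "EXAMPLE_SESSION") -> dict:
    """Summarise both checks for one response."""
    return {
        "framing_blocked": cross_origin_framing_blocked(headers),
        "samesite_strict": session_cookie_samesite_strict(headers, cookie_name),
    }


# Constructed sample responses (cookie name is a placeholder, not IntraWeb's).
WEAK_RESPONSE: Headers = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "EXAMPLE_SESSION=abc123; Path=/; HttpOnly"),
]

HARDENED_RESPONSE: Headers = [
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "DENY"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("Set-Cookie",
     "EXAMPLE_SESSION=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"),
]


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(response))
```

Running the audit against a response captured from the deployed application confirms that the option set in the ServerController actually reaches the wire; the weak sample shows what an unprotected response looks like for comparison.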
#3
"ServerController.SecurityOptions.AllowInIFrame"

Where's this option? Can't find it!! IW v15.4 here!!
#4
(09-21-2023, 11:44 AM)Comograma Wrote: "ServerController.SecurityOptions.AllowInIFrame"

Where's this option? Can't find it!! IW v15.4 here!!

Found it:

[Image: clip0016.png]
#5
Oops... I said it was in ServerController.SecurityOptions... my memory failed me, sorry. As MJS said, it is in ServerController.SessionOptions.