|
@@ -3566,7 +3566,7 @@ public class WebSecurityConfig extends
|
|
|
|
|
|
|
|
[[headers-frame-options]]
|
|
[[headers-frame-options]]
|
|
|
==== X-Frame-Options
|
|
==== X-Frame-Options
|
|
|
-Allowing your website to be added to a frame can be a security issue. For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (http://www.youtube.com/watch?v=3mk0RySeNsU[video demo]). For example, a user that is logged into their bank might click a button that grants access to other users. This sort of attack is known ashttp://en.wikipedia.org/wiki/Clickjacking[Clickjacking].
|
|
|
|
|
|
|
+Allowing your website to be added to a frame can be a security issue. For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (http://www.youtube.com/watch?v=3mk0RySeNsU[video demo]). For example, a user that is logged into their bank might click a button that grants access to other users. This sort of attack is known as http://en.wikipedia.org/wiki/Clickjacking[Clickjacking].
|
|
|
|
|
|
|
|
[NOTE]
|
|
[NOTE]
|
|
|
====
|
|
====
|
Bloshchetsov Andrey Evgenyevich