Closed majestrate closed 7 years ago
@orignal added CSRF tokens in https://github.com/PurpleI2P/i2pd/commit/10d6cd989608d85dd80ec19433ca66f817a73bbf
There needs to be CORS and protection from clickjacking?
For click-jacking protection, HTTPServer needs to always send header
X-Frame-Options: SAMEORIGIN
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
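One way to make the header unconditional, as an added example that is not i2pd's code: every response goes through a single serializer that appends `X-Frame-Options: SAMEORIGIN` and discards any value a handler set itself, so error pages are covered too. `Response`, `lower` and `serialize` are hypothetical names.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Hypothetical response type for illustration; not i2pd's HTTPServer classes.
struct Response {
    int status = 200;
    std::map<std::string, std::string> headers;
    std::string body;
};

// HTTP header names are case-insensitive, so compare them lowercased.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Single exit point for pages, redirects and errors alike: no handler can
// omit the framing policy or replace it with a weaker value.
std::string serialize(const Response& r) {
    const char* reason = r.status == 200 ? "OK" : r.status == 404 ? "Not Found" : "Error";
    std::string out = "HTTP/1.1 " + std::to_string(r.status) + " " + reason + "\r\n";
    for (const auto& h : r.headers) {
        const std::string name = lower(h.first);
        // Drop handler-supplied copies; the server sets these itself below.
        if (name == "x-frame-options" || name == "content-length") continue;
        out += h.first + ": " + h.second + "\r\n";
    }
    out += "X-Frame-Options: SAMEORIGIN\r\n";
    out += "Content-Length: " + std::to_string(r.body.size()) + "\r\n\r\n";
    return out + r.body;
}

int main() {
    // Constructed sample: an error response whose handler set a weaker policy.
    Response err;
    err.status = 404;
    err.headers["x-frame-options"] = "ALLOWALL";
    err.headers["Content-Type"] = "text/html";
    err.body = "<h1>not found</h1>";
    std::cout << serialize(err);
    return 0;
}
```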