eclipse / dirigible

Eclipse Dirigible™ Project
https://www.dirigible.io
Eclipse Public License 2.0

[Security] Clickjacking #397

Open ThuF opened 5 years ago

ThuF commented 5 years ago

Prevent clickjacking on productive instances

ThuF commented 5 years ago

So far the DIRIGIBLE_PRODUCTIVE_IFRAME_ENABLED environment variable has been introduced, but a more comprehensive solution should be applied. For example, all runtime releases should be clickjacking-protected by default. However, the simplest approach, setting this variable by default, doesn't work, as it also prevents IDE views and generated application views (based on the AngularJS template) from loading.
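The tension described in the comment above (an all-or-nothing framing switch breaks the IDE's own iframes) comes down to which anti-clickjacking policy the server sends. The following is an added example, not code from the Dirigible project and not a description of what DIRIGIBLE_PRODUCTIVE_IFRAME_ENABLED actually emits: it models how a browser evaluates `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` for a page embedded by a given top-level origin, and shows that `DENY` blocks same-origin IDE views while `SAMEORIGIN` / `frame-ancestors 'self'` keeps them loading and still refuses framing by a third-party site. All URLs and the `anti_clickjacking_headers` helper are assumptions constructed for the illustration.

```python
"""
Added example (not Eclipse Dirigible code): a simplified model of the browser's
decision whether a response may be rendered inside an <iframe>, given the
anti-clickjacking headers the server sent and the embedding page's origin.

Two headers matter:
  * X-Frame-Options: DENY | SAMEORIGIN            (legacy, widely supported)
  * Content-Security-Policy: frame-ancestors ...  (current standard; when it is
    present browsers ignore X-Frame-Options)

Simplifications: only the top-level embedder is checked (real browsers check every
ancestor), frame-ancestors understands only 'self', 'none' and literal origins
(no wildcards or scheme-only sources), and default ports are not normalised.
"""
from typing import Optional
from urllib.parse import urlsplit


def origin_of(url: str) -> str:
    """Return scheme://host[:port], the browser's notion of origin, lower-cased."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}".lower()


def frame_allowed(headers: dict, page_url: str, embedder_url: Optional[str]) -> bool:
    """
    May `page_url`, served with `headers`, be framed by a top-level document at
    `embedder_url`?  None means the page is itself the top-level document.
    """
    if embedder_url is None:
        return True  # nothing to protect against when not framed at all

    page_origin = origin_of(page_url)
    embedder_origin = origin_of(embedder_url)
    hdrs = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors wins over X-Frame-Options when both are present.
    csp = hdrs.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        allowed = set()
        for src in parts[1:]:
            src = src.strip("'").lower()
            if src == "none":
                return False
            allowed.add(page_origin if src == "self" else src)
        return embedder_origin in allowed

    xfo = hdrs.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return embedder_origin == page_origin
    return True  # no header at all: framable by anyone, i.e. clickjackable


def anti_clickjacking_headers(productive: bool, extra_ancestors=()) -> dict:
    """
    Headers a server could send (hypothetical helper, not the project's code).
    productive=False mirrors a development setup where views are framed freely.
    In production, allow same-origin framing plus explicitly trusted ancestors
    instead of an outright DENY, so the IDE's own iframes keep working.
    X-Frame-Options cannot express extra ancestors; browsers that only honour it
    will still restrict framing to the same origin, which is the safe direction.
    """
    if not productive:
        return {}
    sources = " ".join(["'self'", *extra_ancestors])
    return {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": f"frame-ancestors {sources}",
    }


if __name__ == "__main__":
    # Constructed URLs for the demonstration.
    IDE = "https://ide.example.com/services/ide/index.html"
    VIEW = "https://ide.example.com/services/web/ide-workbench/view.html"
    ATTACKER = "https://evil.example.net/overlay.html"

    deny = {"X-Frame-Options": "DENY"}  # what an all-or-nothing switch amounts to
    prod = anti_clickjacking_headers(True)

    print("DENY breaks the IDE's own views:", frame_allowed(deny, VIEW, IDE))
    print("SAMEORIGIN keeps them working:", frame_allowed(prod, VIEW, IDE))
    print("...and still stops a third party:", frame_allowed(prod, VIEW, ATTACKER))
```

Running the script shows `False`, `True`, `False` for the three cases: a blanket `DENY` is what breaks the IDE and generated application views, whereas a same-origin policy protects a productive instance without that side effect. When views must be embedded by another host (a portal, for instance), list that origin in `frame-ancestors` rather than disabling protection altogether.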