Open svenha opened 6 months ago
All Hop websites (without any special configuration) are vulnerable to clickjacking (or UI redress attack). Can we please have a default HTTP header? For example,
X-Frame-Options: SAMEORIGIN
see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
DENY is more secure than SAMEORIGIN. I opened a pull request: #106
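A check a site operator could run over captured response headers to see which framing protection a page declares, as an added example that is not part of the issue or of Hop's code. The function name and the sample headers are constructed, and the handling of the Content-Security-Policy `frame-ancestors` directive goes beyond the one header named in the issue.

```javascript
// Added example (not Hop code): classify the anti-framing protection a response declares.
// `headers` is a plain object of header name -> value, as a test harness might collect it.
function framingProtection(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // header names are case-insensitive
  }

  // A CSP frame-ancestors directive supersedes X-Frame-Options in browsers that support it.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const list = sources.map((s) => s.toLowerCase());
    if (list.includes("*")) return "unprotected"; // any origin may frame the page
    if (list.length === 0 || list.every((s) => s === "'none'")) return "deny";
    if (list.every((s) => s === "'self'")) return "sameorigin";
    return "allowlist"; // named origins: review each one
  }

  const xfo = h["x-frame-options"];
  if (xfo === undefined) return "unprotected";
  // A header emitted twice (server plus proxy) arrives as one comma-joined value.
  const values = new Set(xfo.split(",").map((v) => v.trim().toLowerCase()));
  if (values.size > 1) return "invalid"; // conflicting values: a misconfiguration to fix
  if (values.has("deny")) return "deny";
  if (values.has("sameorigin")) return "sameorigin";
  return "unprotected"; // e.g. ALLOW-FROM, which modern browsers ignore
}

// Constructed sample responses.
const samples = {
  "no header (the default described in the issue)": { "Content-Type": "text/html" },
  "header proposed in the issue": { "X-Frame-Options": "SAMEORIGIN" },
  "stricter value": { "X-Frame-Options": "DENY" },
  "obsolete directive": { "X-Frame-Options": "ALLOW-FROM https://example.org" },
  "duplicated by a proxy": { "X-Frame-Options": "DENY, SAMEORIGIN" },
  "CSP equivalent": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(`${label}: ${framingProtection(headers)}`);
}
```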