Closed simonw closed 3 years ago
If I care about clickjacking I should use the Content-Security-Policy: frame-ancestors 'self' header.
Originally posted by @simonw in https://github.com/simonw/django-sql-dashboard/issues/45#issuecomment-819222015
Since these are read-only queries that don't send information anywhere other than the user's own browser, theoretically there's no risk from clickjacking here - but I like defense in depth.
Originally posted by @simonw in https://github.com/simonw/django-sql-dashboard/issues/45#issuecomment-819222015
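As an added example that is not part of this issue or of django-sql-dashboard's own code: a Django-style middleware that appends `frame-ancestors 'self'` to responses under an assumed `/dashboard/` URL prefix, plus a small parser for checking that a deployed Content-Security-Policy actually restricts framing. `SimpleNamespace` stand-ins replace Django's request and response objects so the example runs without Django installed.

```python
from types import SimpleNamespace

DASHBOARD_PREFIX = "/dashboard/"  # assumed URL prefix; match your urls.py


class FrameAncestorsMiddleware:
    """Django-style middleware: add frame-ancestors 'self' to dashboard pages."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        if request.path.startswith(DASHBOARD_PREFIX):
            existing = response.headers.get("Content-Security-Policy", "")
            if frame_ancestors(existing) is None:
                # Append so directives set elsewhere (e.g. script-src) survive.
                policy = "frame-ancestors 'self'"
                response.headers["Content-Security-Policy"] = (
                    f"{existing.rstrip('; ')}; {policy}" if existing else policy
                )
        return response


def frame_ancestors(csp_value):
    """Source list of the frame-ancestors directive, or None if it is absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_restricted(csp_value):
    """True when the policy stops arbitrary third-party sites framing the page."""
    sources = frame_ancestors(csp_value)
    if sources is None:
        return False  # no directive at all: any origin may embed the page
    return not {"*", "http:", "https:"} & set(sources)


def dashboard_headers(path, upstream_headers=None):
    """Run one request through the middleware; return the response headers.

    Request and response are SimpleNamespace stand-ins for Django's objects."""
    def upstream(request):
        return SimpleNamespace(headers=dict(upstream_headers or {}))
    return FrameAncestorsMiddleware(upstream)(SimpleNamespace(path=path)).headers
```

A response that already carries a frame-ancestors directive is left untouched, so a stricter `'none'` set elsewhere is not weakened.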