Replacing X-Frame-Options with CSP

About

Asked 27/3, 2017 at 6:55 Answered 27/3, 2017 at 7:7

Solved content-security-policy x-frame-options

I am migrating from X-Frame-Options to Content Security Policy to fix the click-jacking vulnerability. My application used to set the SAMEORIGIN policy in hte X-Frame-Options header. What is the equivalent option in Content-Security-Policy?

Grapeshot answered 27/3, 2017 at 6:55 Comment(0)

frame-ancestors

X-Frame-Options: SAMEORIGIN ➡ Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: DENY ➡ Content-Security-Policy: frame-ancestors 'none'

Carreon answered 27/3, 2017 at 7:7 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags