On 07.02., Peter J. Philipp wrote:
> On Tue, Feb 07, 2023 at 10:41:34AM +, Stuart Henderson wrote:
> > On 2023/02/07 10:20, Peter J. Philipp wrote:
> > > Hi,
> > >
> > > Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
> > > my site using OpenBSD httpd. This f
On 2023/02/07 12:29, Peter J. Philipp wrote:
> On Tue, Feb 07, 2023 at 10:41:34AM +, Stuart Henderson wrote:
> > On 2023/02/07 10:20, Peter J. Philipp wrote:
> > > Hi,
> > >
> > > Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
> > > my site using OpenBSD htt
On Tue, Feb 07, 2023 at 10:41:34AM +, Stuart Henderson wrote:
> On 2023/02/07 10:20, Peter J. Philipp wrote:
> > Hi,
> >
> > Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
> > my site using OpenBSD httpd. The following patch implements an RFC 7034
> > protection c
On 2023/02/07 10:20, Peter J. Philipp wrote:
> Hi,
>
> Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
> my site using OpenBSD httpd. The following patch implements an RFC 7034
> protection called "noiframe" which disallows other sites (but not the same
> site) to add
On Tue, Feb 07, 2023 at 10:20:27AM +0100, Peter J. Philipp wrote:
> X-Frame-Options: SAMEORIGIN
Note that this is now considered obsolete, and has been superseded by the
Content-Security-Policy header.
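As an added example (not part of this thread or of the proposed patch), a small Python check that classifies a response's framing protection from its headers, covering both the RFC 7034 header quoted above and the CSP frame-ancestors directive. The function names and sample headers are constructed for illustration.

```python
# Constructed sample responses; the header values are illustrative only.
SAMPLES = {
    "xfo-only": [("X-Frame-Options", "SAMEORIGIN")],
    "csp-wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "scheme-only": [("Content-Security-Policy", "frame-ancestors https:")],
    "unprotected": [("Content-Security-Policy", "default-src 'self'")],
}

def _frame_ancestors(headers):
    """Yield the source list of each enforced frame-ancestors directive."""
    for name, value in headers:
        if name.lower() != "content-security-policy":   # Report-Only does not enforce
            continue
        for policy in value.split(","):                 # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    yield [t.lower() for t in tokens[1:]]
                    break                               # first occurrence in a policy wins

def _rank(sources):
    if not sources or sources == ["'none'"]:
        return 0, "deny"
    if sources == ["'self'"]:
        return 1, "sameorigin"
    if any(s == "*" or s.endswith(":") for s in sources):
        return 3, "weak"                                # wildcard or bare scheme such as https:
    return 2, "allowlist"

def framing_policy(headers):
    """headers: list of (name, value). Returns (verdict, mechanism)."""
    # All policies apply together, so the result is at least as strict as the strictest one.
    ranked = sorted(_rank(s) for s in _frame_ancestors(headers))
    if ranked:
        return ranked[0][1], "csp"                      # frame-ancestors takes precedence over XFO
    xfo = {v.strip().upper() for n, val in headers
           if n.lower() == "x-frame-options" for v in val.split(",")}
    if xfo == {"DENY"}:
        return "deny", "xfo"
    if xfo == {"SAMEORIGIN"}:
        return "sameorigin", "xfo"
    if xfo:
        return "invalid", "xfo"                         # ALLOW-FROM, typos or conflicting values
    return "none", None

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_policy(hdrs))
```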
Hi,
Arslan Kabeer (on the Internet) made me aware of clickjacking being done on
my site using OpenBSD httpd. The following patch implements an RFC 7034
protection called "noiframe" which disallows other sites (but not the same
site) to add an iframe to my site.
The config change is like this:
-