x-frame-option SAMEORIGIN and clickjacking in ASP.NET

微笑、不失礼 提交于 2019-12-07 02:19:26
SilverlightFox

self is the current page, and if it is equal to top which is the outermost framed page then the logic is that it isn't in a frame so everything is OK. If not, it sets the location of the outermost frame to be the current page (top.location = self.location;). This is known as "frame buster" code, but there have also been some published "frame buster buster" scripts that break attempts at stopping content being framed, so bear in mind that your JavaScript may not always work.

x-frame-options is the way to go, so if you've added that then you should be secure on modern browsers, but you could try this approach which will display a warning message if a site tries to stop your frame buster from working.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!