Threat:-
The page can be easily framed. Anti-framing measures are not used.
Impact:-
Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attacker can trick the user into clicking on the link by framing the original page and showing a layer on top of it with dummy buttons.
Solution:-
X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page.
How to implement X-Frame-Options in a ThingWorx application page? I'm new to this threat and the recommended solution. Please help me out.
Thanks in advance!
We are aware of this issue and have this in our backlog. Some useful information on this can be found here:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
The X-Frame-Options response header - HTTP | MDN
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Thanks Mathew for these references.
But I'm unable to understand the way of implementing X-Frame-Options into the ThingWorx application/site.
- Which script or service file needs to be edited, is it some Tomcat conf file or what?
- How to verify the success after the implementation?
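The thread does not get as far as the verification step, so here is an added example (not from this thread, PTC or ThingWorx) covering the second question above and the header behaviour described in the original post. Tomcat itself ships a filter, org.apache.catalina.filters.HttpHeaderSecurityFilter (enabled in web.xml with the antiClickJackingEnabled and antiClickJackingOption init-params), that adds X-Frame-Options to every response; where exactly that belongs in a ThingWorx deployment is not covered here. Whatever mechanism is used, the check is the same: fetch the page and inspect the response headers the browser would see. The script below classifies a header set as protected or not, handling the cases that commonly go wrong (missing header, obsolete ALLOW-FROM value, conflicting duplicate values, and a Content-Security-Policy frame-ancestors directive, which browsers honour in preference to X-Frame-Options). The sample header sets in the `__main__` block are constructed; the optional URL argument is whatever ThingWorx page you want to test.

```python
"""Verify that an HTTP response carries working anti-framing headers.

Added example, not code from the thread or from ThingWorx. Run it with no
arguments to see the constructed samples classified, or pass a URL to fetch
and classify a live response (for example the ThingWorx login page after the
header has been enabled).
"""
import sys
import urllib.request
from typing import Mapping

# Values of X-Frame-Options that current browsers enforce. ALLOW-FROM is
# obsolete and is ignored, which leaves the page unprotected.
_XFO_VALID = {"DENY", "SAMEORIGIN"}


def framing_protection(headers: Mapping[str, str]) -> dict:
    """Classify anti-framing protection from a header mapping (names are case-insensitive).

    Returns a dict with:
      protected: True if third-party sites cannot frame the page
      source:    "csp", "x-frame-options", or None when nothing applies
      note:      short human-readable reason
    """
    lower = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors is the modern control; when present, browsers use it
    # and ignore X-Frame-Options entirely, so it is evaluated first.
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "*" in sources:
                return {"protected": False, "source": "csp",
                        "note": "frame-ancestors * lets any origin frame the page"}
            return {"protected": True, "source": "csp",
                    "note": "frame-ancestors restricted to: " + " ".join(parts[1:])}

    xfo = lower.get("x-frame-options")
    if xfo is None:
        return {"protected": False, "source": None,
                "note": "no X-Frame-Options or CSP frame-ancestors header"}

    # Duplicate headers (e.g. two filters both setting it) arrive comma-joined.
    # Identical duplicates are harmless; conflicting ones are a misconfiguration
    # whose handling has varied between browsers, so fail the check and fix it.
    values = {v.strip().upper() for v in xfo.split(",")}
    if len(values) != 1:
        return {"protected": False, "source": "x-frame-options",
                "note": f"conflicting values {sorted(values)}; set exactly one value"}
    value = values.pop()
    if value in _XFO_VALID:
        return {"protected": True, "source": "x-frame-options", "note": value}
    return {"protected": False, "source": "x-frame-options",
            "note": f"unsupported value {value!r} (ALLOW-FROM is ignored by modern browsers)"}


def check_url(url: str, timeout: float = 10.0) -> dict:
    """Fetch url and classify its live response headers (needs network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        # Merge repeated header names the same way a browser would see them.
        merged = {name: ", ".join(resp.headers.get_all(name))
                  for name in set(resp.headers.keys())}
    return framing_protection(merged)


if __name__ == "__main__":
    # Constructed sample responses: a page with no header, and the header a
    # Tomcat HttpHeaderSecurityFilter with antiClickJackingOption=SAMEORIGIN sends.
    samples = {
        "before fix": {"Content-Type": "text/html"},
        "after fix": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    }
    for name, hdrs in samples.items():
        print(f"{name}: {framing_protection(hdrs)}")
    if len(sys.argv) > 1:
        print(f"{sys.argv[1]}: {check_url(sys.argv[1])}")
```

A "protected" verdict from the live check is the evidence the second question asks for; the same script run before the change should report "no X-Frame-Options or CSP frame-ancestors header", which confirms the scanner finding the original post quotes.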