Darth Florus Posted June 29, 2020 Share Posted June 29, 2020 Hi Pals: Anyone know how to avoid clickjacking attack and XSS attack with UniGUI? Quote Link to comment Share on other sites More sharing options...
Darth Florus Posted June 29, 2020 Author Share Posted June 29, 2020 This is the xss attack, but luckily is fixed on the last version. Quote Link to comment Share on other sites More sharing options...
Darth Florus Posted June 29, 2020 Author Share Posted June 29, 2020 Hi Pals: About ClickJacking Attack. The solution is to atttach a flag X-Frame-Options or Content-Security-Policy(frame-ancestors) into the HTTP response of the server. Anyone know how to attach this response to the HTTP Response on UniGUI? Thanks and Best Regards Quote Link to comment Share on other sites More sharing options...
Mehmet Emin Posted June 30, 2020 Share Posted June 30, 2020 Are you running on IIS? If yes you can add it like this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options 2 Quote Link to comment Share on other sites More sharing options...
Mehmet Emin Posted June 30, 2020 Share Posted June 30, 2020 Or if you are running stand alone or service than this code: procedure TUniServerModule.UniGUIServerModuleHTTPCommand( ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean); begin AResponseInfo.CustomHeaders.AddValue('X-Frame-Options', 'DENY'); end; 2 Quote Link to comment Share on other sites More sharing options...
Darth Florus Posted July 1, 2020 Author Share Posted July 1, 2020 Thank Your Very Much! I will implement this right now! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.