Darth Florus, posted June 29, 2020

Hi Pals: Does anyone know how to avoid clickjacking and XSS attacks with UniGUI?
Darth Florus (Author), posted June 29, 2020

This is the XSS attack, but luckily it is fixed in the last version.
Darth Florus (Author), posted June 29, 2020

Hi Pals: About the clickjacking attack. The solution is to attach a flag, X-Frame-Options or Content-Security-Policy (frame-ancestors), to the HTTP response of the server. Does anyone know how to attach this to the HTTP response in UniGUI?

Thanks and Best Regards
Mehmet Emin, posted June 30, 2020

Are you running on IIS? If yes, you can add it like this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Mehmet Emin, posted June 30, 2020

Or if you are running standalone or as a service, then this code:

    procedure TUniServerModule.UniGUIServerModuleHTTPCommand(
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo;
      var Handled: Boolean);
    begin
      // Tell the browser not to render this response inside any frame
      AResponseInfo.CustomHeaders.AddValue('X-Frame-Options', 'DENY');
    end;
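A check for the response once one of the headers discussed above has been added, as an added example that is not code from this thread or from UniGUI. The function names, verdict labels and sample responses are constructed for illustration; the logic assumes current browser behaviour, where a CSP frame-ancestors directive takes precedence over X-Frame-Options and ALLOW-FROM is no longer honoured.

```python
# Added example (not from the thread): classify a response's anti-framing headers.
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete and ignored by current browsers

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    pairs = []
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def frame_ancestors(csp):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def check_framing(raw):
    """Return 'protected', 'weak', 'conflict' or 'missing' for one response."""
    headers = parse_headers(raw)
    lists = [fa for n, v in headers if n == "content-security-policy"
             for fa in [frame_ancestors(v)] if fa is not None]
    if lists:
        # Each CSP header is enforced separately, so one strict list is enough.
        return "protected" if any("*" not in fa for fa in lists) else "weak"
    xfo = {v.upper() for n, v in headers if n == "x-frame-options"}
    if not xfo:
        return "missing"
    if len(xfo) > 1:
        return "conflict"                      # e.g. IIS and the app disagree
    return "protected" if xfo <= VALID_XFO else "weak"

# Constructed sample responses (not captured from a real UniGUI server).
SAMPLES = {
    "handler": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n",
    "csp": "HTTP/1.1 200 OK\r\ncontent-security-policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "obsolete": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://portal.example\r\n\r\n",
    "doubled": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "bare": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9} {check_framing(raw)}")
```

A "conflict" verdict is worth checking when the header is set both in IIS and in the server module handler, since the response then carries two X-Frame-Options lines.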
Darth Florus (Author), posted July 1, 2020

Thank you very much! I will implement this right now!