Clickjacking:
Clickjacking is an attack that tricks a user into clicking a webpage element that is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Solution:
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees.
To overcome clickjacking, the iframe header policy has to be set in Smarten. The frame policy indicates whether or not a browser should be allowed to open a page in a frame.
In the security-config.xml file (smarten.war/WEB-INF/security-config.xml), the lines below should be uncommented or added.
<headers>
    <frame-options policy="SAMEORIGIN"/>
</headers>
This setting allows a page to be displayed in a frame only on the same origin. Once it is set, if anyone attempts clickjacking, Smarten will forbid the URL, as shown in the screenshot below.
[Screenshot: forbidden URL after securing from clickjacking]
Please refer to the Application Security Implementation Manual to learn more.
Note: This article is based on Smarten Version 5.0. It may or may not be relevant to the Smarten version you are using.
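To confirm the policy is actually in effect, check the response headers Smarten returns. The helper below is an added example (not part of this article or of Smarten) that decides whether a page could be framed by a given origin from its X-Frame-Options header (which the Spring Security frame-options element above emits as SAMEORIGIN) or a Content-Security-Policy frame-ancestors directive; the header values and URLs in it are constructed samples.

```python
# Added example, not from the Smarten article: evaluate whether a page's
# response headers let another origin frame it (the clickjacking precondition).
from urllib.parse import urlsplit


def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _source_matches(src, page_origin, framer_origin):
    # One frame-ancestors source expression: 'none', 'self', *, a scheme, or an origin
    s = src.strip("'").lower()
    if s == "none":
        return False
    if s == "self":
        return framer_origin == page_origin
    if s == "*":
        return True
    if s.endswith(":") and "//" not in s:  # scheme-only source such as https:
        return framer_origin.startswith(s)
    return _origin(s) == framer_origin


def framing_allowed(headers, page_url, framer_url):
    """True if a page at page_url could be embedded by a page at framer_url.
    CSP frame-ancestors wins when present; otherwise X-Frame-Options applies;
    with neither header the page is framable by anyone."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_url), _origin(framer_url)
    for directive in h.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            return any(_source_matches(s, page, framer) for s in value.split())
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # Missing, unrecognised, or the obsolete ALLOW-FROM (ignored by current browsers)
    return True


# Constructed sample: the header Smarten sends once the SAMEORIGIN policy is enabled
SMARTEN_HEADERS = {"X-Frame-Options": "SAMEORIGIN"}

if __name__ == "__main__":
    for framer in ("https://bi.example.com/report", "https://evil.example/"):
        ok = framing_allowed(SMARTEN_HEADERS, "https://bi.example.com/smarten/", framer)
        print(f"{framer} may frame Smarten: {ok}")
```

A page that reports framable from a foreign origin is still exposed, regardless of what the configuration file says.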