Clickjacking:

Clickjacking is an attack that tricks a user into clicking a webpage element that is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.


Solution:

Typically, clickjacking is performed by displaying an invisible page or HTML element, loaded inside an iframe, on top of the page the user actually sees.

To prevent clickjacking, the frame-options header policy has to be set in Smarten. This policy tells a browser whether or not it is allowed to render a page inside a frame.

In the security-config.xml file (smarten.war/WEB-INF/security-config.xml), the following lines should be uncommented or added.


<headers>
    <frame-options policy="SAMEORIGIN"/>
</headers>


This setting allows a page to be displayed in a frame only when the framing page has the same origin. Once it is set, any attempt to frame Smarten from another origin (the basis of clickjacking) is refused, and Smarten returns the forbidden response shown below.


[Screenshot: Forbidden URL after securing from clickjacking]
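To verify that the fix is actually in effect, a practitioner will want to inspect the response headers rather than trust the configuration file. The frame-options setting above makes the server send an X-Frame-Options: SAMEORIGIN response header, and browsers decide from that header (or from a Content-Security-Policy frame-ancestors directive, which takes precedence when present) whether a page may be framed. The following script is an added example, not code from Smarten or this page; the header sets in it are constructed to imitate a response before and after the fix, and the origins (smarten.example, attacker.example) are placeholders. The CSP matching is deliberately simplified (no wildcard hosts) and, like real browsers, it treats a missing, unrecognised or obsolete ALLOW-FROM value as no protection at all.

```python
"""Decide, from HTTP response headers, whether a page can be framed.

Added example (not Smarten's code). The sample header dictionaries are
constructed, not captured from a real server.
"""
from urllib.parse import urlsplit

# Constructed responses: before the fix, after enabling
# <frame-options policy="SAMEORIGIN"/>, and a CSP-hardened variant.
BEFORE_FIX = {"Content-Type": "text/html"}
AFTER_FIX = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
WITH_CSP = {"Content-Type": "text/html",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}


def origin_of(url):
    """Return scheme://host[:port], the browser's notion of an origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def frame_ancestors(headers):
    """Return the frame-ancestors source list from a CSP header, or None."""
    csp = headers.get("content-security-policy")
    if not csp:
        return None
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # An empty source list is equivalent to 'none'.
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def ancestor_allowed(sources, page, embedder):
    """Simplified frame-ancestors matching: 'none', 'self', '*', exact origin/host."""
    for src in sources:
        if src == "'none'":
            return False
        if src == "'self'" and embedder == page:
            return True
        if src in ("*", embedder, urlsplit(embedder).netloc):
            return True
    return False


def may_frame(headers, page_url, embedder_url):
    """Would a browser render page_url inside a frame hosted on embedder_url?"""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    page, embedder = origin_of(page_url), origin_of(embedder_url)
    sources = frame_ancestors(hdrs)
    if sources is not None:            # CSP frame-ancestors overrides X-Frame-Options
        return ancestor_allowed(sources, page, embedder)
    xfo = hdrs.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return page == embedder
    # No header, obsolete ALLOW-FROM, or an unrecognised value: current
    # browsers fall back to allowing the frame, so the page is still clickjackable.
    return True


def verdict(headers):
    """Short classification of the framing protection a response carries."""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    sources = frame_ancestors(hdrs)
    if sources is not None:
        if "'none'" in sources:
            return "csp-none"
        return "unprotected" if "*" in sources else "csp-restricted"
    xfo = hdrs.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo.lower()
    return "unprotected"


if __name__ == "__main__":
    for name, hdrs in (("before", BEFORE_FIX), ("after", AFTER_FIX), ("csp", WITH_CSP)):
        print(f"{name:>6}: {verdict(hdrs)}, framable by attacker.example = "
              f"{may_frame(hdrs, 'https://smarten.example/', 'https://attacker.example/')}")
```

To run this against a live deployment, replace the constructed dictionaries with the headers from an HTTP client response (for example `dict(resp.headers)` from the requests library); the lowercasing in `may_frame` and `verdict` copes with whatever case the server uses. The expected result after applying the fix is `sameorigin`, with framing from any other origin reported as not allowed.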