Can JSF prevent clickjacking attack ? If not, how to prevent it.
Asked
Active
Viewed 304 times
1
-
1Click jacking is a purely client-side problem. JSF is in this regard merely an html generator. So prevention of clickjacking should solved in a similar way as with pure html. – Kukeltje Jan 16 '17 at 09:13
-
You means JSF not prevent clickjacking.So, how to prevent it. – Pyay Thar Jan 16 '17 at 09:18
-
1There are more than one 'related' questions on the right. Google is your friend. – Kukeltje Jan 16 '17 at 09:24
-
Clickjacking is only possible if website has a XSS hole somewhere which is in turn utilized to inject such an iframe. But if website already doesn't have a XSS hole in first place, then clickjacking isn't possible at all. You can always add the documented response headers yourself if you want. – BalusC Jan 16 '17 at 10:19