
What is clickjacking

Notes

Clickjacking (UI redressing) loads the target site in a transparent or hidden iframe on an attacker-controlled page and lures the user into clicking controls on the hidden page, so that actions such as changing a setting or confirming a purchase are performed with the victim's own session. The report below (IPA, via Tokumaru's blog) covers the attack and its impact in detail:

http://blog.tokumaru.org/2013/03/clickjacking-report-by-IPA.html

Countermeasures

Send the X-Frame-Options response header

With X-Frame-Options: SAMEORIGIN the browser refuses to render the page inside a frame unless every ancestor document is same-origin; DENY refuses framing altogether. The header must be present on every response that carries a clickable UI (including error pages and responses served via a proxy), because a single unprotected page is enough for the attack. Newer browsers also honour the Content-Security-Policy frame-ancestors directive, which takes precedence over X-Frame-Options when both are present, so keep sending both for the widest coverage.

Reference: https://developer.mozilla.org/ja/docs/The_X-Frame-Options_response_header

apache

Header always set X-Frame-Options "SAMEORIGIN"

Use set rather than append: append merges the value into any X-Frame-Options header already set by another directive or by the application, producing a multi-value header that browsers either ignore or treat as conflicting. always makes Apache add the header to error responses (4xx/5xx) as well, which a plain Header directive would skip.

nginx

add_header X-Frame-Options SAMEORIGIN always;

The always parameter (nginx 1.7.5 and later) adds the header regardless of the response status code. Note that add_header is inherited from the enclosing level only when the current level has no add_header directives of its own, so a location block that sets any other header must repeat this one.
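To see why the header value has to be exactly one token and why SAMEORIGIN checks the whole ancestor chain, the following Node.js script models the X-Frame-Options decision a browser makes before rendering a framed document, following the WHATWG HTML "check a navigation response's adherence to X-Frame-Options" algorithm (split on commas, lowercase, de-duplicate; multiple values are blocked when any is DENY or ALLOWALL and otherwise ignored; a single DENY blocks; a single SAMEORIGIN requires every ancestor to be same-origin; anything else, including the obsolete ALLOW-FROM, is ignored). This is an added example, not code from the original post or from Apache/nginx; the function names, the origin strings and the scenarios are constructed for illustration, and CSP frame-ancestors is not modelled.

```javascript
// Added example (not from the original post): a model of the browser-side
// X-Frame-Options check. Origins are plain strings such as "https://example.com".
// ancestorOrigins lists the framing documents from the direct parent outward
// to the top-level page; an empty list means a top-level navigation.

// Collect the distinct header tokens. A repeated header (Apache `Header append`
// applied twice, a proxy adding its own copy) arrives as several field values,
// and each value may itself be a comma-separated list. The browser lowercases
// and de-duplicates them before deciding.
function parseXfo(rawHeaders) {
  const values = new Set();
  for (const field of rawHeaders) {
    for (const part of field.split(',')) {
      const token = part.trim().toLowerCase();
      if (token !== '') values.add(token);
    }
  }
  return values;
}

// Returns true when the browser would render the framed document and
// false when it would refuse to display it.
function xfoAllowsFraming(rawHeaders, destinationOrigin, ancestorOrigins) {
  // Top-level navigation: X-Frame-Options never applies.
  if (ancestorOrigins.length === 0) return true;

  const values = parseXfo(rawHeaders);
  if (values.size === 0) return true;

  if (values.size > 1) {
    // Conflicting values: blocked if any of them is DENY or ALLOWALL,
    // otherwise the header is ignored and framing is allowed.
    return !(values.has('deny') || values.has('allowall'));
  }

  const [only] = values;
  if (only === 'deny') return false;
  if (only === 'sameorigin') {
    // Every ancestor, not only the direct parent, must be same-origin,
    // so a same-origin frame nested inside an attacker page is still blocked.
    return ancestorOrigins.every((origin) => origin === destinationOrigin);
  }
  // Any other single value (ALLOW-FROM included) is ignored by current browsers.
  return true;
}

// Constructed scenarios: https://example.com is the site being protected,
// https://attacker.test is the page attempting to frame it.
const SITE = 'https://example.com';
const cases = [
  { name: 'no header, cross-origin frame', headers: [], ancestors: ['https://attacker.test'] },
  { name: 'SAMEORIGIN, same-origin parent', headers: ['SAMEORIGIN'], ancestors: [SITE] },
  { name: 'SAMEORIGIN, cross-origin parent', headers: ['SAMEORIGIN'], ancestors: ['https://attacker.test'] },
  { name: 'SAMEORIGIN, same-origin frame nested in attacker page', headers: ['SAMEORIGIN'], ancestors: [SITE, 'https://attacker.test'] },
  { name: 'DENY, same-origin parent', headers: ['DENY'], ancestors: [SITE] },
  { name: 'duplicated by append, cross-origin', headers: ['SAMEORIGIN, SAMEORIGIN'], ancestors: ['https://attacker.test'] },
  { name: 'SAMEORIGIN and DENY from two layers', headers: ['SAMEORIGIN', 'DENY'], ancestors: [SITE] },
  { name: 'obsolete ALLOW-FROM, cross-origin', headers: ['ALLOW-FROM https://partner.test'], ancestors: ['https://attacker.test'] },
];

// Evaluate every scenario; returns [{ name, allowed }] so callers can check it.
function runCases() {
  return cases.map((c) => ({ name: c.name, allowed: xfoAllowsFraming(c.headers, SITE, c.ancestors) }));
}

for (const r of runCases()) {
  console.log(`${r.allowed ? 'RENDERED' : 'BLOCKED '}  ${r.name}`);
}
```

The "obsolete ALLOW-FROM" row is the one to watch in audits: a site that still ships only ALLOW-FROM is effectively unprotected in current browsers, and the fix is SAMEORIGIN/DENY plus a CSP frame-ancestors list for the partners that need to frame it.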

Incidentally, for Rails this seems to be the relevant spot:
https://github.com/rails/rails/commit/bd59793043750c7c4545d14d618ce8ac40cc4d55

Rails 4.0 and later sends X-Frame-Options: SAMEORIGIN on every response by default through config.action_dispatch.default_headers, so a Rails app only needs to check that the header is not being removed by that setting or stripped by a reverse proxy in front of it.