remix-auth-starter

Is this vulnerable to clickjacking by default?

Open tmcw opened this issue 1 year ago • 2 comments

The signin & signout pages in this starter don't have x-frame-options headers, nor does the root loader, so it looks like anyone who follows this as their starter will start off with a clickjacking vulnerability.

tmcw, Jan 19 '24 15:01

Ping - any update here? A little concerned that Clerk-starter projects are insecure by default.

tmcw, Jan 26 '24 14:01

Hello @tmcw! Thank you for pointing this out! We applied a fix in our up-to-date starter here: https://github.com/clerk/clerk-remix-v2

anagstef, May 27 '24 16:05
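
An added example, not part of the thread and not the fix applied in clerk-remix-v2: one way to audit a response for the missing framing headers the issue describes and to add them without clobbering an existing CSP. The helper names are hypothetical; the code works on a standard Fetch `Headers` object, such as the `responseHeaders` argument Remix passes to `handleRequest` in `entry.server`, and assumes a single `Content-Security-Policy` header.

```javascript
// Added example: helper names are hypothetical, not Remix or Clerk APIs.
// Assumes Node 18+ (global Headers) and a single Content-Security-Policy header.

// Split a CSP string into [name, value] pairs, e.g. ["default-src", "'self'"].
function parseCsp(csp) {
  return csp.split(";").map((d) => d.trim()).filter(Boolean).map((d) => {
    const i = d.search(/\s/);
    return i === -1
      ? [d.toLowerCase(), ""]
      : [d.slice(0, i).toLowerCase(), d.slice(i).trim()];
  });
}

// Audit: true when the headers do not stop another origin from framing the page.
function isFrameable(headers) {
  const fa = parseCsp(headers.get("Content-Security-Policy") || "")
    .find(([name]) => name === "frame-ancestors");
  // When frame-ancestors is present, supporting browsers ignore X-Frame-Options.
  // Coarse check: a wildcard or bare scheme source lets any site embed the page.
  if (fa) return fa[1].split(/\s+/).some((s) => /^(\*|https?:)$/i.test(s));
  const xfo = (headers.get("X-Frame-Options") || "").trim().toUpperCase();
  // ALLOW-FROM is obsolete and ignored by current browsers, so it does not count.
  return !(xfo === "DENY" || xfo === "SAMEORIGIN");
}

// Mitigation: set both headers, replacing any frame-ancestors directive
// while leaving the other CSP directives untouched.
function applyFrameProtection(headers, mode = "deny") {
  const same = mode === "sameorigin";
  headers.set("X-Frame-Options", same ? "SAMEORIGIN" : "DENY");
  const directives = parseCsp(headers.get("Content-Security-Policy") || "")
    .filter(([name]) => name !== "frame-ancestors");
  directives.push(["frame-ancestors", same ? "'self'" : "'none'"]);
  headers.set("Content-Security-Policy",
    directives.map(([n, v]) => (v ? `${n} ${v}` : n)).join("; "));
  return headers;
}

// Constructed sample: headers of a sign-in response with a CSP but no framing rule.
function demo() {
  const h = new Headers({ "Content-Security-Policy": "default-src 'self'; script-src 'self'" });
  const before = isFrameable(h);
  applyFrameProtection(h);
  return { before, after: isFrameable(h), csp: h.get("Content-Security-Policy") };
}
console.log(demo());
```

Running `isFrameable` over the headers of every route, sign-in and sign-out included, makes a missing header show up as a test failure.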