
Prevent Clickjacking

Open leecalcote opened this issue 5 months ago • 6 comments

Current Behavior

Clickjacking is an attack where an attacker tricks users into clicking on hidden or disguised elements by overlaying a malicious page on top of a legitimate one. This can lead to unintended actions or data theft.

Desired Situation

Use the X-Frame-Options header, setting it to SAMEORIGIN to prevent framing by other sites.

Extra Credit

Additionally, potentially use Content Security Policy (CSP)'s frame-ancestors directive to specify which sites can frame our content.

Acceptance Tests

  1. Ensure that signing into https://cloud.layer5.io is unaffected.
  2. Ensure that submission of forms like that of https://layer5.io/newcomers is unaffected.
  3. Ensure that calendar links to meet with the team are unaffected.

Contributor Resources and Handbook

The layer5.io website uses Gatsby, React, and GitHub Pages. Site content is found under the master branch.

Join the Layer5 Community by submitting your community member form.

leecalcote avatar Jun 30 '25 11:06 leecalcote
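
A header check for what this issue requests, as an added example that is not part of the issue or the layer5 codebase: it takes a response's headers and reports whether X-Frame-Options or CSP frame-ancestors actually restricts framing. The function names and the header-object input shape are assumptions; when frame-ancestors is present it decides the result, because browsers that support it ignore X-Frame-Options.

```javascript
// Added example (not from the layer5 repository): assess a response's anti-framing headers.
// Input shape is an assumption: a plain object mapping header names to values.

// Return the frame-ancestors source list from a CSP string, or null if the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map((s) => s.toLowerCase());
  }
  return null;
}

function assessFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  // X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers.
  let xfoOk = false;
  const xfo = h['x-frame-options'];
  if (xfo !== undefined) {
    const values = new Set(xfo.split(',').map((v) => v.trim().toUpperCase()));
    // Mixed values are reported as a misconfiguration (this checker's choice).
    if (values.size > 1) findings.push('conflicting X-Frame-Options values');
    else if (values.has('DENY') || values.has('SAMEORIGIN')) xfoOk = true;
    else findings.push('unsupported X-Frame-Options value: ' + xfo.trim());
  }

  // frame-ancestors: an enforced policy takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'];
  const ancestors = csp === undefined ? null : parseFrameAncestors(csp);
  let cspOk = false;
  if (ancestors !== null) {
    const open = ancestors.filter((s) => ['*', 'http:', 'https:'].includes(s));
    if (open.length > 0) findings.push('frame-ancestors allows any origin: ' + open.join(' '));
    else cspOk = true; // 'self', 'none', an empty list, or an explicit allow-list
  }
  const reportOnly = h['content-security-policy-report-only'];
  if (ancestors === null && reportOnly && parseFrameAncestors(reportOnly) !== null) {
    findings.push('frame-ancestors is report-only and not enforced');
  }

  const isProtected = ancestors !== null ? cspOk : xfoOk;
  if (!isProtected && findings.length === 0) findings.push('no anti-framing header present');
  return { protected: isProtected, findings };
}

// Constructed sample: the header this issue asks for.
console.log(assessFraming({ 'X-Frame-Options': 'SAMEORIGIN' }));
```

Both headers must arrive as HTTP response headers: browsers ignore X-Frame-Options and frame-ancestors when they are set through a `<meta>` element.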

Hi @leecalcote, I want to work on this. It is a new type of issue and it is interesting for me; I will learn a lot. Please assign it to me.

saurabhraghuvanshii avatar Jun 30 '25 18:06 saurabhraghuvanshii

Sounds real good, @saurabhraghuvanshii. Thanks for picking it up. 👍

leecalcote avatar Jun 30 '25 19:06 leecalcote

@ShashaankS, perhaps, you might assist here.

leecalcote avatar Jul 15 '25 15:07 leecalcote

Sure, on it.

ShashaankS avatar Jul 15 '25 17:07 ShashaankS

https://github.com/layer5io/layer5/pull/6638 did not solve the issue.

leecalcote avatar Jul 17 '25 22:07 leecalcote

Hello Sir, I think this pull request fixes this issue as well

https://github.com/layer5io/layer5/pull/6813#issuecomment-3274471693

SplinterSword avatar Sep 10 '25 11:09 SplinterSword