
Security vulnerability: use X-Frame-Options header as default

Open svenha opened this issue 5 months ago • 1 comments

All Hop websites (without any special configuration) are vulnerable to clickjacking (or UI redress attack). Can we please have a default HTTP header? For example,

 X-Frame-Options: SAMEORIGIN

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

svenha, Feb 25 '24 14:02
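
A header check for the request above, as an added example that is not part of the original post or of Hop's code: it classifies a response's anti-framing protection from its headers, and also covers CSP `frame-ancestors`, which goes beyond the header named in the issue. The function name and the sample responses are constructed for illustration.

```python
def framing_protection(headers):
    """Classify the anti-framing protection of one HTTP response.

    headers: list of (name, value) pairs, because a header may repeat.
    Returns "csp", "deny", "sameorigin", "conflict" or "none".
    """
    xfo = set()
    for name, value in headers:
        name = name.strip().lower()
        if name == "content-security-policy":
            # frame-ancestors is the CSP successor to X-Frame-Options.
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    # Simplification: a "*" source allows any framing origin.
                    return "none" if "*" in parts[1:] else "csp"
        elif name == "x-frame-options":
            # Repeated headers and comma-separated lists are all candidates.
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
    if len(xfo) > 1 and xfo & {"deny", "sameorigin"}:
        return "conflict"  # mixed values: report it so the config gets fixed
    if xfo == {"deny"}:
        return "deny"
    if xfo == {"sameorigin"}:
        return "sameorigin"
    # Missing header, misspelled value, or the obsolete ALLOW-FROM form.
    return "none"


# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "no anti-framing header": [("Content-Type", "text/html")],
    "default requested in the issue": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete ALLOW-FROM": [("X-Frame-Options", "ALLOW-FROM https://example.org")],
    "two different values": [("X-Frame-Options", "SAMEORIGIN"),
                             ("X-Frame-Options", "DENY")],
    "CSP equivalent": [("Content-Security-Policy",
                        "default-src 'self'; frame-ancestors 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:32} -> {framing_protection(hdrs)}")
```

A result of "none" or "conflict" marks a response that still needs the default header.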