UNPKG

sails

Version:

API-driven framework for building realtime apps, using MVC conventions (based on Express and Socket.io)

sailsjs.com

balderdashy/sails

47 lines (27 loc) 1.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Clickjacking [Clickjacking](https://www.owasp.org/index.php/Clickjacking) (aka "UI redress attacks") happens when an attacker manages to trick your users into triggering "unintended" UI events (e.g. DOM events). ### X-FRAME-OPTIONS One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header. ##### Using [lusca](https://github.com/krakenjs/lusca#luscaxframevalue) > `lusca` is open-source under the [Apache license](https://github.com/krakenjs/lusca/blob/master/LICENSE.txt) First: ```sh # In your sails app npm install lusca --save ``` Then, in the `middleware` config object in `config/http.js`: ```js // ... // maxAge ==> Number of seconds strict transport security will stay in effect. xframe: require('lusca').xframe('SAMEORIGIN'), // ... order: [ // ... 'xframe' // ... ] ``` ### Additional Resources + [Clickjacking (OWasp)](https://www.owasp.org/index.php/Clickjacking) <docmeta name="displayName" value="Clickjacking"> <docmeta name="tags" value="clickjacking,ui redress attack">