Atozed Forums
Click Jacking - Printable Version

Click Jacking - Zhikter - 09-19-2023

I have tried googling the answer, but I cannot seem to find anything.

Does IntraWeb have built-in defenses against clickjacking? Or is this something that I have to implement?


RE: Click Jacking - Alexandre Machado - 09-20-2023

IntraWeb has all the features (built-in) used to prevent this type of attack:

1- You can prevent IW from running inside an IFrame by setting ServerController.SecurityOptions.AllowInIFrame := False;

2- Using ServerController.CookieOptions.SameSite := ssoStrict;

3- Using CSP response headers is also possible. IW won't add any CSP headers by default, but there are plenty of possibilities (and events) for you to inject any CSP header that you need.

I believe that preventing the IW application from running in frames would be enough to prevent such an attack.
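Whichever of the three settings above you enable, the thing worth verifying is what the application actually sends on the wire: a framing restriction reaches the browser as an X-Frame-Options header or a CSP frame-ancestors directive, and the cookie setting as a SameSite attribute on Set-Cookie. The following Python checker is an added example, not IntraWeb code and not from the poster; it takes the head of a captured HTTP response as text and reports whether a cross-site page could still frame it, whether any CSP header is present, and which cookies lack SameSite=Strict or Lax (cookies without it are sent into third-party frames, which is what lets a clickjacked session act as the logged-in user). The two responses embedded below are constructed, and the cookie name SESSIONID is a placeholder, not IntraWeb's.

```python
"""Check an HTTP response head for the anti-clickjacking controls discussed
in the thread: framing restrictions, CSP presence, and SameSite cookies.
Added example; the sample responses below are constructed."""

from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]


def parse_headers(raw: str) -> List[Header]:
    """Split a raw HTTP/1.1 head (status line + headers) into (name, value)
    pairs. Names are lower-cased; repeated headers such as Set-Cookie are kept."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    pairs: List[Header] = []
    for line in lines[1:]:  # lines[0] is the status line
        if not line.strip():  # blank line ends the head; ignore any body
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def csp_directive(headers: List[Header], name: str) -> Optional[List[str]]:
    """Return the source list of one CSP directive (quotes stripped,
    lower-cased), or None if no CSP header carries that directive."""
    for h, v in headers:
        if h != "content-security-policy":
            continue
        for directive in v.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == name:
                return [p.strip("'").lower() for p in parts[1:]]
    return None


def cross_site_framing_possible(headers: List[Header]) -> bool:
    """True if a page on another site could embed this response in a frame.
    When CSP frame-ancestors is present browsers ignore X-Frame-Options, so it
    is checked first; only 'none' and 'self' are treated as safe (a host list
    or '*' widens the policy). Without CSP, X-Frame-Options DENY/SAMEORIGIN
    blocks cross-site framing; the obsolete ALLOW-FROM is not honoured."""
    ancestors = csp_directive(headers, "frame-ancestors")
    if ancestors is not None:
        return ancestors not in (["none"], ["self"])
    for h, v in headers:
        if h == "x-frame-options":
            return v.strip().upper() not in ("DENY", "SAMEORIGIN")
    return True  # no restriction at all


def cookies_without_samesite(headers: List[Header]) -> List[str]:
    """Names of cookies set without SameSite=Strict or SameSite=Lax."""
    weak: List[str] = []
    for h, v in headers:
        if h != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in v.split(";")[1:]}
        if not attrs & {"samesite=strict", "samesite=lax"}:
            weak.append(name)
    return weak


def assess(raw_response: str) -> Dict[str, object]:
    """Summarise the clickjacking posture of one response head."""
    headers = parse_headers(raw_response)
    return {
        "cross_site_framing_possible": cross_site_framing_possible(headers),
        "has_csp": any(h == "content-security-policy" for h, _ in headers),
        "cookies_without_samesite": cookies_without_samesite(headers),
    }


# Constructed sample: defaults left in place, nothing stops framing.
UNPROTECTED = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly

<html>...</html>
"""

# Constructed sample: framing refused, CSP present, strict SameSite cookie.
HARDENED = """HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly; SameSite=Strict

<html>...</html>
"""

if __name__ == "__main__":
    for label, resp in (("unprotected", UNPROTECTED), ("hardened", HARDENED)):
        print(label, assess(resp))
```

To use it against a real deployment, paste the response head from your browser's network panel or a proxy into the string; the point of the checker is that a setting changed in the ServerController is only effective once the corresponding header shows up in the response.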


RE: Click Jacking - Comograma - 09-21-2023

"ServerController.SecurityOptions.AllowInIFrame"

Where's this option? Can't find it!! IW v15.4 here!!


RE: Click Jacking - MJS@mjs.us - 09-21-2023

(09-21-2023, 11:44 AM)Comograma Wrote: "ServerController.SecurityOptions.AllowInIFrame"

Where's this option? Can't find it!! IW v15.4 here!!

Found it:

[Image: clip0016.png]


RE: Click Jacking - Alexandre Machado - 09-25-2023

Oops... I said it was in ServerController.SecurityOptions... my memory failed me, sorry. As MJS said, it is in ServerController.SessionOptions.