- Type: Bug
- Resolution: Fixed
- Priority: Highest
- None
- Affects Version/s: No-Version
- Component/s: Apps - Confluence Questions
- Severity 3 - Minor
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to clickjacking. This can be fixed by sending an X-Frame-Options header with a value of SAMEORIGIN. This will prevent answers from being displayed in frames on other websites; see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options for more information.
- relates to
  - CONFCLOUD-46884 Implement clickjacking protection on https://answers.atlassian.com/ (Closed)
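To verify that a fix like the one described in this report is in place, the response headers can be audited. The following is an added example, not code from this issue or from Atlassian; the function names and verdict labels are hypothetical. It goes slightly beyond the report by also checking the CSP `frame-ancestors` directive, which browsers apply in preference to X-Frame-Options.

```python
# Added example; header sets used with it are constructed samples.
PROTECTED, MISCONFIGURED, UNPROTECTED = "protected", "misconfigured", "unprotected"

def header_values(headers, name):
    """All values of one header, case-insensitive, with comma-joined values split."""
    values = []
    for key, raw in headers:
        if key.lower() == name:
            values += [v.strip().lower() for v in raw.split(",") if v.strip()]
    return values

def frame_ancestors(headers):
    """Source list of the first CSP frame-ancestors directive found, or None."""
    for key, raw in headers:
        if key.lower() != "content-security-policy":
            continue
        # A comma separates whole policies, a semicolon separates directives.
        for directive in raw.replace(",", ";").split(";"):
            tokens = directive.lower().split()
            if tokens and tokens[0] == "frame-ancestors":
                return tokens[1:]
    return None

def framing_verdict(headers):
    """Classify anti-framing headers; headers is a list of (name, value) pairs."""
    sources = frame_ancestors(headers)
    if sources is not None:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options.
        wide_open = {"*", "http:", "https:"} & set(sources)
        return (UNPROTECTED if wide_open else PROTECTED, "csp frame-ancestors")
    xfo = set(header_values(headers, "x-frame-options"))
    if not xfo:
        return (UNPROTECTED, "no anti-framing header")
    if len(xfo) > 1:
        # Differing values are a configuration defect; do not rely on browser handling.
        return (MISCONFIGURED, "conflicting x-frame-options values")
    value = xfo.pop()
    if value in ("deny", "sameorigin"):
        return (PROTECTED, "x-frame-options " + value)
    # ALLOW-FROM is obsolete and unknown values are ignored by browsers.
    return (UNPROTECTED, "ineffective x-frame-options value")
```

Feed it the header pairs from any HTTP client response; a `misconfigured` verdict usually means two layers (for example the application and a reverse proxy) each add their own X-Frame-Options header.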