Clickjacking

Clickjacking (aka “UI redress attacks”) is where an attacker tricks your users into triggering “unintended” UI events (e.g. DOM events) by rendering your page inside an invisible or disguised frame on a page the attacker controls.

X-FRAME-OPTIONS

One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header, which tells the browser whether your pages may be rendered inside a frame at all.

Using lusca

lusca is open-source under the Apache license.

  # In your sails app
  npm install lusca --save

Then in the middleware config object in config/http.js:

  // ...
  // Sets the X-FRAME-OPTIONS response header. 'SAMEORIGIN' lets only pages from
  // your own origin frame the app; use 'DENY' to forbid framing altogether.
  xframe: require('lusca').xframe('SAMEORIGIN'),
  // ...
  // The middleware only runs if its key is listed in `order`.
  order: [
    // ...
    'xframe',
    // ...
  ]
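
The following is an added example and is not code from the Sails docs or from lusca: a middleware written in the same Connect-style shape as lusca's xframe(), plus a checker that classifies a response's framing policy the way a browser would, so you can confirm the header actually reaches the client. The names xframe, framingPolicy and headersAfter are assumptions for this example; the checker also goes slightly beyond the page by understanding the CSP frame-ancestors directive, which browsers give precedence over X-FRAME-OPTIONS when both are present.

```javascript
// Added example (not from Sails or lusca): minimal X-Frame-Options middleware and a
// response checker. All function names here are hypothetical.

// Values browsers honour; ALLOW-FROM is obsolete and ignored by modern browsers.
const ALLOWED = new Set(['DENY', 'SAMEORIGIN']);

// Connect-style middleware factory, same shape as lusca's xframe(value).
function xframe(value) {
  const v = String(value).toUpperCase();
  if (!ALLOWED.has(v)) throw new Error(`unsupported X-Frame-Options value: ${value}`);
  return function xframeMiddleware(req, res, next) {
    res.setHeader('X-Frame-Options', v);
    next();
  };
}

// Classify how a response may be framed from its headers (names are case-insensitive).
// A CSP frame-ancestors directive wins over X-Frame-Options when both are present.
function framingPolicy(headers) {
  const get = (name) => {
    const k = Object.keys(headers).find((h) => h.toLowerCase() === name);
    return k ? String(headers[k]) : '';
  };
  const m = /frame-ancestors\s+([^;]+)/i.exec(get('content-security-policy'));
  if (m) {
    const sources = m[1].trim().toLowerCase().split(/\s+/);
    if (sources.includes("'none'")) return 'deny';
    if (sources.length === 1 && sources[0] === "'self'") return 'same-origin';
    return 'allow-listed';
  }
  const xfo = get('x-frame-options').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'unprotected';
}

// Run a middleware against a stub response and return the headers a client would get.
function headersAfter(middleware) {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } };
  let nextCalled = false;
  middleware({}, res, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware did not call next()');
  return headers;
}

// Constructed check: the SAMEORIGIN setting from config/http.js yields 'same-origin'.
console.log(framingPolicy(headersAfter(xframe('SAMEORIGIN'))));
```

Point framingPolicy at the headers of a real response from your running app (for example from a fetch or curl) to verify the protection end to end rather than trusting the config alone.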

Additional Resources