Edit Page

Clickjacking

Clickjacking (aka "UI redress attacks") happens when an attacker manages to trick your users into triggering "unintended" UI events (e.g. DOM events).

X-FRAME-OPTIONS

#

One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header.

Using lusca
#

lusca is open-source under the Apache license

First:

# In your sails app
npm install lusca --save

Then, in the middleware config object in config/http.js:

// ...
  // maxAge ==> Number of seconds strict transport security will stay in effect.
  xframe: require('lusca').xframe('SAMEORIGIN'),
  // ...
  order: [
    // ...
    'xframe'
    // ...
  ]

Additional Resources

#

Is something missing?

If you notice something we've missed or could be improved on, please follow this link and submit a pull request to the sails repo. Once we merge it, the changes will be reflected on the website the next time it is deployed.

Concepts