elliotsawyer/anticlickjack 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

elliotsawyer/anticlickjack

Composer 安装命令:

composer require elliotsawyer/anticlickjack

包简介

Template shim to prevent clickjacking on a SilverStripe website

README 文档

README

Actively combats an attempt to load your SilverStripe site through an iframe. This works as a fallback when used with Security::frame_options = 'DENY' and any X-Frame-Options headers sent by your webserver.

This is not an original idea - the attack and the sample code used to prevent it have been available on the internet since 2008. Clickjacking occurs when an attacker loads your website through an iframe and overlays that frame on an attack page. The opacity of the iframe can be set to 0 and positioned over an element on their page (such as a button) to trick the user into clicking it - the click is actually passed through to your site through the iframe.

A common mitigation is to set your server headers to deny loading from iframes completely, or only allow them if it originates from the same domain. This shim acts as a fallback if those headers are not in place, or your browser is too old or restricted to understand them - if a clickjack is detected, the hostpage will redirect to the URL defined on its src attribute.

installation

composer require elliotsawyer/anticlickjack

usage

Add this at the very end of your tags.

<head>
  ...
  <% include AntiClickjack %>
</head>

license

Copyright 2019 Elliot Sawyer. Released under BSD-3

contributing

Contributions are more than welcome! Please raise some issues or create pull requests on the Github repo.

support

Need some extra help or just love my work? Consider shouting me a coffee or a small donation if this module helped you solve a problem. I accept cryptocurrency at the following addresses:

  • Bitcoin: 12gSxkqVNr9QMLQMMJdWemBaRRNPghmS3p
  • Bitcoin Cash: 1QETPtssFRM981TGjVg74uUX8kShcA44ni
  • Litecoin: LbyhaTESx3uQvwwd9So4sGSpi4tTJLKBdz
  • Ethereum: 0x0694E0704c70D8d178dd2e9522FC59EBBEe86748

统计信息

  • 总下载量: 38
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: Scheme

其他信息

  • 授权协议: BSD-3-Clause
  • 更新时间: 2019-09-03

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固