Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986

Closed
Grez opened this issue Aug 27, 2020 · 1 comment
Closed

Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986

Grez opened this issue Aug 27, 2020 · 1 comment
Assignees
@eleftherias
Labels
in: docs An issue in Documentation or samples type: bug A general bug
Milestone
5.4.0

Comments

@Grez
Copy link

Grez commented Aug 27, 2020

In section Section 5.2.2 Security HTTP Response Headers > X-Frame-Options there is link that leads to private video.

For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (video demo).

Screenshot 2020-08-27 at 23 46 01
@Grez Grez added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Aug 27, 2020
@eleftherias eleftherias self-assigned this Sep 7, 2020
@eleftherias eleftherias added in: docs An issue in Documentation or samples and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 7, 2020
@eleftherias eleftherias added this to the 5.4.0 milestone Sep 7, 2020
@eleftherias
Copy link
Contributor

Thanks @Grez! This is now fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: docs An issue in Documentation or samples type: bug A general bug
Projects
None yet
Milestone
5.4.0
Development

No branches or pull requests
2 participants
@Grez @eleftherias