Jake_N
8 years agoMentor
Stop Click-jacking Security
Hey Everyone,
I am posting this before I raise a support ticket wondering if I am able to stop other domains from loading my communities content/page in an iframe.
I have had a look around and can find reference to ActiveCast widgets and disabling/enabling CSP (Content Security Policy).
I know that I need to enable/add either or both of the below:
- Content-Security-Policy: frame-ancestors 'none';
- X-Frame-Options
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Any help would be appreciated or just let me know if I should raise a ticket.
Hi Jake_N,
Yes, if you reach out to support we can enable it. I've actually gone ahead and enabled it for your community live.