#5931 closed Bug (duplicate)
please, protect web-ui against Clickjacking-attacks
Reported by: | plm___ | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | None Set |
Component: | Web Client | Version: | 2.84 |
Severity: | Normal | Keywords: | |
Cc: |
Description
Good day!
XSS, CSRF and Clickjacking are the three most used web vulnerabilities these days (on the internet).
And today the web UI ( http://localhost:9091/transmission/web/ ) is not protected from Clickjacking attacks.
Clickjacking is not a very serious vulnerability, but it is still joyless :-(
Please add just one new HTTP header to the server http://localhost:9091/ :
Content-Security-Policy: "frame-ancestors 'self'"
This HTTP header will be enough against Clickjacking.
Thanks in advance! :)
Attachments (1)
Change History (3)
Changed 6 years ago by plm___
comment:1 Changed 6 years ago by mike.dld
- Resolution set to duplicate
- Status changed from new to closed
comment:2 Changed 6 years ago by plm___
Looks like a duplicate of #5894, which suggests adding a Content-Security-Policy: ... frame-ancestors 'none' header. Let's continue the discussion there.
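
A header check for the mitigation discussed in this ticket, as an added example that is not part of the ticket or of Transmission's code: it classifies who may frame a response from its Content-Security-Policy frame-ancestors directive and its X-Frame-Options header. The function names and sample responses are constructed for illustration, and combining several policies is approximated by reporting the strictest one.

```python
# Added example; the header values below are constructed samples.
RANK = {"unprotected": 0, "allowlist": 1, "self": 2, "none": 3}

def parse_csp(policy):
    """Parse one serialized CSP into {directive: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; a repeated directive is ignored.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def classify_sources(sources):
    """Map a frame-ancestors source list to a coarse verdict."""
    lowered = [s.lower() for s in sources]
    if not lowered or lowered == ["'none'"]:
        return "none"          # an empty source list matches no ancestor
    if any(s == "*" or s.endswith(":") for s in lowered):
        return "unprotected"   # wildcard or bare scheme: any such origin may frame
    if lowered == ["'self'"]:
        return "self"
    return "allowlist"

def framing_verdict(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    csp, xfo = [], None
    for name, value in headers:
        if name.lower() == "content-security-policy":
            sources = parse_csp(value).get("frame-ancestors")
            if sources is not None:
                csp.append(classify_sources(sources))
        elif name.lower() == "x-frame-options":
            xfo = value.strip().upper()
    if csp:
        # frame-ancestors takes precedence over X-Frame-Options; every policy
        # must allow the embedder, so report the strictest verdict.
        return max(csp, key=RANK.get)
    return {"DENY": "none", "SAMEORIGIN": "self"}.get(xfo, "unprotected")

if __name__ == "__main__":
    samples = [
        [("Content-Security-Policy", "frame-ancestors 'self'")],
        # Value wrapped in double quotes: the first token is not a known directive.
        [("Content-Security-Policy", "\"frame-ancestors 'self'\"")],
        [("X-Frame-Options", "DENY")],
    ]
    for headers in samples:
        print(framing_verdict(headers), headers)
```
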