Clickjacking (aka a "UI redress attack") is where an attacker tricks your users into triggering "unintended" UI events (e.g. DOM events).
One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header.
lusca is open-source under the Apache license.

```sh
# In your sails app
npm install lusca --save
```
Then in the
middleware config object in
```js
// ...
// maxAge ==> Number of seconds strict transport security will stay in effect.
xframe: require('lusca').xframe('SAMEORIGIN'),
// ...
order: [
  // ...
  'xframe'
  // ...
]
```
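One way to check that a configuration like the one above actually emits the header, as an added example (not code from this page, lusca, or Sails). `xframeStandIn`, `runChain` and `auditFraming` are hypothetical names, and `runChain` assumes a simplified model in which only middleware named in `order` runs.

```javascript
// Added example, not lusca or Sails source code.
// xframeStandIn is a hypothetical stand-in for require('lusca').xframe(value).
function xframeStandIn(value) {
  return function (req, res, next) {
    res.setHeader('X-Frame-Options', value);
    next();
  };
}

// Simplified model (assumption): only middleware named in `order` runs, in that order.
function runChain(middleware, req) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name.toLowerCase()] = String(value); } };
  let i = 0;
  const next = () => {
    while (i < middleware.order.length) {
      const fn = middleware[middleware.order[i++]];
      if (typeof fn === 'function') return fn(req, res, next);
    }
  };
  next();
  return headers;
}

// Audit response headers for the framing protection this page configures.
function auditFraming(headers) {
  const raw = headers['x-frame-options'];
  if (raw === undefined) return { ok: false, reason: 'X-Frame-Options header is missing' };
  const value = raw.trim().toUpperCase();
  if (value === 'DENY' || value === 'SAMEORIGIN') return { ok: true, reason: value };
  if (value.startsWith('ALLOW-FROM')) {
    return { ok: false, reason: 'ALLOW-FROM is obsolete and not honoured by current browsers' };
  }
  return { ok: false, reason: 'unrecognized value: ' + raw };
}

// Constructed configs: one wired as on this page, one with 'xframe' left out of
// `order`, and one using the obsolete ALLOW-FROM directive.
const wired = { xframe: xframeStandIn('SAMEORIGIN'), order: ['xframe'] };
const forgotten = { xframe: xframeStandIn('SAMEORIGIN'), order: [] };
const legacy = { xframe: xframeStandIn('ALLOW-FROM https://partner.example'), order: ['xframe'] };

for (const [name, cfg] of Object.entries({ wired, forgotten, legacy })) {
  console.log(name, auditFraming(runChain(cfg, { url: '/' })));
}
```

The same `auditFraming` check can be pointed at headers captured from a running app to confirm the middleware is both defined and listed in `order`.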