|
|
|
|
|
|
by notriddle
1325 days ago
|
|
|
No, you're thinking of clickjacking. The "attack" I'm thinking of is hijacking the back button, but done using iframes instead of history.pushState. It doesn't involve any third-party origins, so x-frame-options doesn't matter, because a domain owner that wants to launch this attack has control of all the HTTP headers. |
|
|