Y
Hacker News
new
|
ask
|
show
|
jobs
by
d4mi3n
504 days ago
Pretty sure content-securty-policy headers can prevent this type of attack these days for browsers that support them. Check out the frame-ancestors CSP directive:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...