Frameguard mitigates clickjacking attacks by setting the `X-Frame-Options` header.

## Attack

Attackers trick you into clicking on something you do not wish to click on. Often they do this by loading another website's pages or buttons in an iframe and presenting them in a different context.

For example, let's say your button says you are only going to vote Democrat. Hackers may make a website that says you will only vote Republican and iframe your button into their website.

## The Header

The `X-Frame-Options` header tells browsers to prevent your webpage from being put in an iframe. It can also control which domains are allowed to load your site in an iframe.

## Code

```csharp
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Register the Frameguard middleware, which sets the X-Frame-Options header.
    app.UseFrameGuard(new FrameGuardOptions("http://amazon.com"));
}
```
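
To show what the header values mean on the browser side, the following added example (not code from Frameguard or from this README) models the framing decision for `DENY`, `SAMEORIGIN` and `ALLOW-FROM`, including the fact that current browsers ignore `ALLOW-FROM`. The names `FrameOptionsCheck`, `MayRender` and `legacyAllowFrom` and the `*.example` URLs are assumptions made for illustration.

```csharp
using System;
using System.Linq;

// Added example: models a browser's framing decision for one X-Frame-Options value.
public static class FrameOptionsCheck
{
    // page: URL of the framed response. ancestors: URL of every frame above it,
    // up to the top-level window. legacyAllowFrom: emulate an older browser that
    // still implements ALLOW-FROM (simplified here to a check of every ancestor).
    public static bool MayRender(string header, Uri page, Uri[] ancestors,
                                 bool legacyAllowFrom = false)
    {
        string value = (header ?? "").Trim();
        if (value.Equals("DENY", StringComparison.OrdinalIgnoreCase))
            return false;                                    // never frameable
        if (value.Equals("SAMEORIGIN", StringComparison.OrdinalIgnoreCase))
            return ancestors.All(a => SameOrigin(a, page));  // same-origin frames only
        if (value.StartsWith("ALLOW-FROM ", StringComparison.OrdinalIgnoreCase))
        {
            // Current browsers ignore ALLOW-FROM, so the page stays frameable.
            if (!legacyAllowFrom) return true;
            Uri allowed;
            if (!Uri.TryCreate(value.Substring(11).Trim(), UriKind.Absolute, out allowed))
                return true;                                 // unparsable: header ignored
            return ancestors.All(a => SameOrigin(a, allowed));
        }
        return true;  // header missing or unrecognized: no restriction
    }

    private static bool SameOrigin(Uri a, Uri b)
    {
        return a.Scheme == b.Scheme && a.Port == b.Port
            && string.Equals(a.Host, b.Host, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample: a voting page framed by an unrelated site and by itself.
        var page = new Uri("https://vote.example/ballot");
        var otherSite = new[] { new Uri("https://lookalike.example/") };
        var ownSite = new[] { new Uri("https://vote.example/home") };
        string[] headers = { null, "DENY", "SAMEORIGIN", "ALLOW-FROM https://partner.example" };
        foreach (var h in headers)
            Console.WriteLine("{0,-36} other-site frame: {1,-5} own frame: {2}",
                h ?? "(no header)", MayRender(h, page, otherSite), MayRender(h, page, ownSite));
    }
}
```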