This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
[HackerOne] about: pages may be clickjacked #4885
Comments
bbondy
pushed a commit
that referenced
this issue
Oct 18, 2016
Fix #4885 Auditors: @bbondy Test Plan: 1. go to http://web.mit.edu/zyan/Public/xframe.html 2. verify that the iframe is empty and there is a CSP error in the console
|
This fix disables a flash placeholder on y8.com, which was also confirmed by @alexwykoff and @srirambv.
Please look at the 2nd line there. |
|
great catch, fixing |
|
no easy fix for 0.12.5 so this is being moved to 0.12.6. |
This was referenced Oct 20, 2016
|
Shows preferences page and not blank frame
|
|
@bbondy did this make it into the preview build? |
|
looks like it didn't, but it should be fixed on master so i'm closing this |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
they should have the frame-ancestors header
reported at https://hackerone.com/reports/175990
The text was updated successfully, but these errors were encountered: