Issue: The X-Frame-Options header is missing on this page, making it potentially vulnerable to clickjacking attacks.
Description: Clickjacking is a type of attack that tricks a user into clicking on something different from what the user perceives, effectively hijacking clicks meant for the legitimate webpage and routing them to an attacker’s page. This can result in unauthorized actions or disclosure of sensitive information.
Steps to Reproduce:
1. Create a new HTML file (e.g., clickjacking_test.html).
2. Save the file and open it in a web browser (Chrome or Firefox).
3. Observe that the https://bridge.archethic.net/bridge dashboard page is loaded within an iframe; any interaction with the button demonstrates the potential for clickjacking.
To prevent clickjacking attacks, it is recommended to add the X-Frame-Options header to your HTTP response. This header can be set to DENY or SAMEORIGIN to prevent your pages from being framed by other websites.
Example:
`X-Frame-Options: DENY` or `X-Frame-Options: SAMEORIGIN`
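The following is an added example for this report, not code from the Archethic projects. It shows both halves of the fix: a checker that classifies a response's framing protection (so a deployment can be verified after the change, and so a scan can flag the "missing" state reported above), and a minimal handler that sets the recommended headers. It goes slightly beyond the report by also recognising the `Content-Security-Policy` `frame-ancestors` directive, which is the current standard replacement for `X-Frame-Options` and is worth setting alongside it. The sample header sets in the test are constructed; `check_url` is a helper name chosen here.

```python
"""Check HTTP responses for clickjacking protection and serve a protected page.

Added example for this issue, not Archethic project code. Header names and
values are the standard ones; the sample responses used with it are constructed.
"""
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import List, Mapping, Tuple


def framing_policy(headers: Mapping[str, str]) -> str:
    """Classify the framing protection carried by a set of response headers.

    Returns:
      "csp"     - Content-Security-Policy frame-ancestors restricts framers
      "xfo"     - X-Frame-Options is DENY or SAMEORIGIN
      "missing" - neither header restricts framing (the state in this report)
    Header names are compared case-insensitively, as HTTP requires. The obsolete
    X-Frame-Options ALLOW-FROM form is ignored by current browsers, so it is
    treated as no protection.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            # An empty source list or a bare '*' permits any framer; 'none',
            # 'self' or explicit origins restrict it.
            if sources and sources != ["*"]:
                return "csp"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    return "missing"


def protective_headers() -> List[Tuple[str, str]]:
    """Headers to add to every HTML response: X-Frame-Options for older
    browsers, frame-ancestors for current ones (it takes precedence when both
    are understood). Use SAMEORIGIN / 'self' if the app frames its own pages."""
    return [
        ("X-Frame-Options", "DENY"),
        ("Content-Security-Policy", "frame-ancestors 'none'"),
    ]


class ProtectedHandler(BaseHTTPRequestHandler):
    """Minimal server that emits the protective headers on every GET."""

    def do_GET(self):
        body = b"<html><body><h1>dashboard</h1><button>confirm</button></body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        for name, value in protective_headers():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def check_url(url: str) -> str:
    """Fetch a URL you operate and classify its framing protection.
    (Helper name chosen for this example.)"""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return framing_policy(dict(resp.headers.items()))


if __name__ == "__main__":
    # Serve locally, then verify the served page reports "csp".
    server = HTTPServer(("127.0.0.1", 0), ProtectedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    print(check_url(f"http://127.0.0.1:{port}/"))
    server.shutdown()
```

Running the file starts a loopback server and prints `csp`; pointing `check_url` at a page that sends neither header returns `missing`, which is the condition described in this issue.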
Logs / Images
Affected URLs:
https://bridge.archethic.net/bridge
https://bridge.archethic.net/localHistory
https://bridge.archethic.net/refund
https://www.archethic.net/wallet
https://dex.archethic.net/swap
https://dex.archethic.net/poolList
https://dex.archethic.net/farmList
https://aeweb.archethic.net/
Platform
No response
Version of Archethic apps
No response
Reference:
MetaMask Clickjacking Vulnerability Analysis