Open
Description
Current Behavior
Clickjacking is an attack where an attacker tricks users into clicking on hidden or disguised elements by overlaying a malicious page on top of a legitimate one. This can lead to unintended actions or data theft.
Desired Situation
Use the X-Frame-Options header, set to SAMEORIGIN, to prevent framing by other sites.
Extra Credit
Additionally, consider using the Content Security Policy (CSP) frame-ancestors directive to specify which sites are allowed to frame our content.
Acceptance Tests
- Ensure that signing into https://cloud.layer5.io is unaffected.
- Ensure that submission of forms such as the one at https://layer5.io/newcomers is unaffected.
- Ensure that calendar links to meet with the team are unaffected.
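An added example (not part of this issue or the Layer5 code base) in JavaScript: a small checker that decides whether a response's X-Frame-Options and CSP frame-ancestors headers would allow the page to be framed by a given origin, which turns the acceptance tests above into assertions you can run against captured headers. Origins and header values below are constructed for illustration; ports are not modelled.

```javascript
// Added example: evaluate anti-framing headers the way a browser would.
// Handles X-Frame-Options (DENY / SAMEORIGIN) and CSP frame-ancestors for the
// common source forms: 'none', 'self', '*', scheme://host and *.host wildcards.

function parseCspDirective(csp, name) {
  // Return the source list for `name`, or null if the directive is absent.
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

function sourceMatches(source, pageOrigin, framerOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return framerOrigin === pageOrigin;
  if (src === '*') return true;
  const framer = new URL(framerOrigin);
  const [scheme, hostExpr] = src.includes('://') ? src.split('://') : [null, src];
  if (scheme && framer.protocol !== `${scheme}:`) return false;
  // Assumption: ports are ignored, so a bare host matches any port.
  const host = hostExpr.split(':')[0];
  if (host.startsWith('*.')) return framer.hostname.endsWith(host.slice(1));
  return framer.hostname === host;
}

function framingAllowed(headers, pageOrigin, framerOrigin) {
  // Header names are matched case-insensitively, as browsers do.
  const get = (name) => {
    for (const k of Object.keys(headers)) if (k.toLowerCase() === name) return headers[k];
    return undefined;
  };
  const csp = get('content-security-policy');
  const ancestors = csp ? parseCspDirective(csp, 'frame-ancestors') : null;
  if (ancestors) {
    // CSP Level 3: when frame-ancestors is present, X-Frame-Options is ignored.
    // An empty source list is equivalent to 'none'.
    return ancestors.some((s) => sourceMatches(s, pageOrigin, framerOrigin));
  }
  const xfo = get('x-frame-options');
  if (!xfo) return true; // no protection at all: any site may frame the page
  const value = xfo.trim().toUpperCase();
  if (value === 'DENY') return false;
  if (value === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  return true; // unrecognised values (e.g. ALLOW-FROM) are ignored by modern browsers
}
```

The same-origin case (the site framing itself) must stay allowed, which is what keeps the sign-in, form and calendar flows in the acceptance tests working.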
Contributor Resources and Handbook
The layer5.io website uses Gatsby, React, and GitHub Pages. Site content is found under the master branch.
- 📚 See contributing instructions.
- 🎨 Wireframes and designs for Layer5 site in Figma (open invite)
- 🙋🏾🙋🏼 Questions: Discussion Forum and Community Slack.
Join the Layer5 Community by submitting your community member form.