Edit Page

Clickjacking

Clickjacking (aka "UI redress attacks") happens when an attacker manages to trick your users into triggering "unintended" UI events (e.g. DOM events).

X-FRAME-OPTIONS

One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header.

Using lusca

lusca is open-source under the Apache license

First:

# In your sails app
npm install lusca --save

Then, in the middleware config object in config/http.js:

// ...
  // maxAge ==> Number of seconds strict transport security will stay in effect.
  xframe: require('lusca').xframe('SAMEORIGIN'),
  // ...
  order: [
    // ...
    'xframe'
    // ...
  ]

Additional Resources

Clickjacking (OWasp)

Is something missing?

If you notice something we've missed or could be improved on, please follow this link and submit a pull request to the sails repo. Once we merge it, the changes will be reflected on the website the next time it is deployed.

Documentation

Concepts

Built with Love

The Sails framework is built by a web & mobile shop in Austin, TX, with the help of our contributors. We created Sails in 2012 to assist us on Node.js projects. Naturally we open-sourced it. We hope it makes your life a little bit easier!

Sails:

About:

Help:

© 2012-2021 The Sails Company.
The Sails framework is free and open-source under the MIT License.
Illustrations by Edamame.