audrius/web
1
0
Fork 1
mirror of https://github.com/OCA/web.git synced 2025-02-22 13:21:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b8246ea9ee903fd2785b7058b1f50fa2987bb6e
web/web_clickjack_protection/README.rst
OCA-git-bot 8068467ba0 [BOT] post-merge updates
2024-03-09 15:47:23 +00:00

80 lines
3.4 KiB
ReStructuredText
Raw Blame History

========================
Web Clickjack Protection
========================
..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:4a3a5a38147af3f764f72fd71f05c9d4299bd2d2aab889a133d9df304f166268
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fweb-lightgray.png?logo=github
:target: https://github.com/OCA/web/tree/11.0/web_clickjack_protection
:alt: OCA/web
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/web-11-0/web-11-0-web_clickjack_protection
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/web&target_branch=11.0
:alt: Try me on Runboat
|badge1| |badge2| |badge3| |badge4| |badge5|
Clickjacking is a technique by which a malicious party embeds your website in an <iframe>, then hovers buttons over it to make the user think he is clicking on your site when in fact he is communicating with the parent frame.
Clickjacking can be prevented on the webserver side by adding headers, but there are `ways around this <https://github.com/niutech/x-frame-bypass>`_. This module prevents clickjacking more thoroughly by making it impossible for your site to be embedded. It does so by adding a small "framebreaker" Javascript which creates a CSS style element on the fly to hide the body of the current page by default. Then, if it doesn't detect a parent frame, it removes it again.
**Table of contents**
.. contents::
:local:
Bug Tracker
===========
Bugs are tracked on `GitHub Issues <https://github.com/OCA/web/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/web/issues/new?body=module:%20web_clickjack_protection%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
Do not contact contributors directly about support or help with technical issues.
Credits
=======
Authors
~~~~~~~
* Sunflower IT
Contributors
~~~~~~~~~~~~
* Tom Blauwendraat <tom@sunflowerweb.nl>
* Kevin Kamau <kevin@sunflowerweb.nl>
Maintainers
~~~~~~~~~~~
This module is maintained by the OCA.
.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org
OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.
This module is part of the `OCA/web <https://github.com/OCA/web/tree/11.0/web_clickjack_protection>`_ project on GitHub.
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
Reference in New Issue View Git Blame Copy Permalink