Description

The application can be embedded in malicious iframes, allowing an attacker to hijack the user's clicks and perform actions without the user's consent.

Impact

Hijack the user's clicks to execute unintended actions.

Recommendation

Set the frame-ancestors directive in the Content Security Policy using a secure configuration.
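
One way to verify this recommendation on a response, as an added example that is not part of the original entry: the Python code below audits response headers for an enforcing frame-ancestors directive. The function names, the sample headers and the rule for what counts as a weak source (`*`, scheme-only sources such as `https:`, a bare wildcard host) are assumptions of this example.

```python
def parse_policy(policy):
    """Parse one serialized policy into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        # CSP keeps the first occurrence of a directive and ignores repeats.
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def weak_sources(sources):
    """Return sources that allow framing by arbitrary origins (assumed rule set)."""
    weak = []
    for src in sources:
        s = src.lower()
        if s in ("'none'", "'self'"):
            continue
        # Host part with scheme, path and port stripped, e.g. https://*:443 -> *
        host = s.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
        if s.endswith(":") or host == "*":  # scheme-only (https:) or any host
            weak.append(src)
    return weak


def audit(headers):
    """headers: list of (name, value) pairs. Returns (verdict, weak_sources)."""
    # Only the enforcing header counts; -Report-Only never blocks framing.
    policies = [p for name, value in headers
                if name.lower() == "content-security-policy"
                for p in value.split(",")]
    verdict, found = "missing", []
    for policy in policies:
        directives = parse_policy(policy)
        # frame-ancestors does not fall back to default-src.
        if "frame-ancestors" not in directives:
            continue
        bad = weak_sources(directives["frame-ancestors"])
        if not bad:
            # Every policy must allow the embedder, so one strict policy suffices.
            return "ok", []
        verdict = "weak"
        found.extend(bad)
    return verdict, found


if __name__ == "__main__":
    # Constructed sample header, not taken from a real application.
    print(audit([("Content-Security-Policy", "default-src 'self'; frame-ancestors *")]))
```

A verdict of `missing` or `weak` corresponds to the finding described on this page; an empty frame-ancestors source list is treated as `ok` because it matches no embedder.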

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Fixes