javascript - Anti-Clickjacking Code Causes Page to Continually Refresh -


i have wordpress site , have following code designed prevent clickjacking:

<script type="text/javascript">    if (self === top) {        var anticlickjack = document.getelementbyid("anticlickjack");        anticlickjack.parentnode.removechild(anticlickjack);    } else {        top.location = self.location;    } </script> 

however, code cause 1 of admin pages refresh. page in customize section of the theme i'm building. happening because preview displayed in iframe.

what can prevent clickjacking on legacy browsers, while fix issue of page reloading constantly? ideally, able modify javascript somehow.

<script type="text/javascript">    if (self === top || self.location === 'yourpreviewpage') {        var anticlickjack = document.getelementbyid("anticlickjack");        anticlickjack.parentnode.removechild(anticlickjack);    } else {        top.location = self.location;    } </script> 

you can bypass pages (specially preview page in case) framing using similar code above. other options anticlickjacking use response headers -

csp frame ancestor , x frame options


Comments

Popular posts from this blog

Java 8 + Maven Javadoc plugin: Error fetching URL -

css - SVG using textPath a symbol not rendering in Firefox -

order - Notification for user in user account opencart -