gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
a07f84c8ecade8833f836f5056c7e39fa0842813
freeCodeCamp/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/mitigate-the-risk-of-clickjacking-with-helmet.frameguard.md

51 lines
2.2 KiB
Markdown
Raw Normal View History

feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
---
id: 587d8247367417b2b2512c38
title: Mitigate the Risk of Clickjacking with helmet.frameguard()
challengeType: 2
fix(curriculum): Added forumTopicId to remaining 1200 challeng… (#36558)
2019-08-05 09:17:33 -07:00
forumTopicId: 301582
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
---
## Description
<section id='description'>
feat: update backend project links (#39314) * feat: update backend project links Replace solution and remix Glitch links with equivalent Repl.it links in backend projects/challenges and intro pages. * fix: link and Repl.it casing * fix: update mention of glitch in testing challenge * Apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
2020-08-18 06:38:16 +09:00
As a reminder, this project is being built upon the following starter project on <a href="https://repl.it/github/freeCodeCamp/boilerplate-infosec">Repl.it</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
Your page could be put in a <code>&lt;frame&gt;</code> or <code>&lt;iframe&gt;</code> without your consent. This can result in clickjacking attacks, among other things. Clickjacking is a technique of tricking a user into interacting with a page different from what the user thinks it is. This can be obtained executing your page in a malicious context, by mean of iframing. In that context a hacker can put a hidden layer over your page. Hidden buttons can be used to run bad scripts. This middleware sets the X-Frame-Options header. It restricts who can put your site in a frame. It has three modes: DENY, SAMEORIGIN, and ALLOW-FROM.
fix(formatting): Information Security with HelmetJS challenges (#35419) * fix(formatting): Information Security with HelmetJS challenges fix(formatting): Information Security with HelmetJS challenges fix(formatting): Information Security with HelmetJS challenges fix(formatting): Hetmet JS challenges fix(formatting): Hetmet JS challenges * fix(curriculum): Remove hr * fix(formatting): Helmet JS * Change code to blockquote * fix: indented code in blockquotes
2019-03-03 22:37:37 +05:30
We dont need our app to be framed.
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
</section>
## Instructions
<section id='instructions'>
fix(formatting): Information Security with HelmetJS challenges (#35419) * fix(formatting): Information Security with HelmetJS challenges fix(formatting): Information Security with HelmetJS challenges fix(formatting): Information Security with HelmetJS challenges fix(formatting): Hetmet JS challenges fix(formatting): Hetmet JS challenges * fix(curriculum): Remove hr * fix(formatting): Helmet JS * Change code to blockquote * fix: indented code in blockquotes
2019-03-03 22:37:37 +05:30
Use <code>helmet.frameguard()</code> passing with the configuration object <code>{action: 'deny'}</code>.
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
</section>
## Tests
<section id='tests'>
```yml
chore(curriculum): Remove files in wrong format
2018-10-04 14:37:37 +01:00
tests:
- text: helmet.frameguard() middleware should be mounted correctly
fix(curriculum): quotes in tests (#18828) * fix(curriculum): tests quotes * fix(curriculum): fill seed-teardown * fix(curriculum): fix tests and remove unneeded seed-teardown
2018-10-20 21:02:47 +03:00
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'frameguard', 'helmet.frameguard() middleware is not mounted correctly'); }, xhr => { throw new Error(xhr.responseText); })
chore(curriculum): Remove files in wrong format
2018-10-04 14:37:37 +01:00
- text: helmet.frameguard() 'action' should be set to 'DENY'
fix(curriculum): quotes in tests (#18828) * fix(curriculum): tests quotes * fix(curriculum): fill seed-teardown * fix(curriculum): fix tests and remove unneeded seed-teardown
2018-10-20 21:02:47 +03:00
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.property(data.headers, 'x-frame-options'); assert.equal(data.headers['x-frame-options'], 'DENY');}, xhr => { throw new Error(xhr.responseText); })
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
```
</section>
## Challenge Seed
<section id='challengeSeed'>
</section>
## Solution
<section id='solution'>
```js
add comment explaining no need for solutions (#37227)
2019-10-14 21:00:42 +05:30
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
```
fix(curriculum): added extra line before </section> tag - Engl… (#36278)
2019-07-18 08:24:12 -07:00
feat(challenge-md): Add initial markdown challenge files
2018-09-30 23:01:58 +01:00
</section>
Reference in New Issue Copy Permalink