Clickjacking

Clickjacking Possible (OTG-CLIENT-009)
Clickjacking (OTG-CLIENT-009 in the OWASP Testing Guide) is a UI-redress attack: the attacker loads your page inside an invisible or disguised <iframe> on a page they control, so a victim who believes they are clicking the attacker's page is really clicking a button on yours, for example a "delete" or "transfer" action while logged in. The defence is to tell browsers which origins are allowed to frame your pages. The long-standing way to do that is the X-Frame-Options response header (modern browsers also honour the Content-Security-Policy frame-ancestors directive), and in a Laravel project the natural place to set it is a middleware.


✅ Solution: Protect Laravel from Clickjacking

You need to configure the response headers to prevent clickjacking attacks.

1️⃣ Add X-Frame-Options in Middleware

Laravel does not register a clickjacking middleware out of the box, but the framework itself ships Illuminate\Http\Middleware\FrameGuard, which sets X-Frame-Options: SAMEORIGIN. You can register that class directly, or write your own middleware (shown below) so you control the value.

Step 1: Create the middleware
Note that app/Http/Middleware/TrustHosts.php is unrelated: it validates the Host header and does not set X-Frame-Options. Generate a new middleware class with Artisan:

php artisan make:middleware FrameGuard

Step 2: Add the following code to prevent clickjacking

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class FrameGuard
{
    /**
     * Attach X-Frame-Options to every response that passes through this middleware.
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Let the rest of the stack build the response first,
        // then add the header on the way out.
        $response = $next($request);

        // SAMEORIGIN: the page may only be framed by pages from the same origin.
        // Use 'DENY' to forbid framing entirely.
        $response->headers->set('X-Frame-Options', 'SAMEORIGIN');

        return $response;
    }
}

Explanation:

  • "SAMEORIGIN" allows the page to be embedded only by pages from the same origin (same scheme, host and port).
  • "DENY" blocks embedding completely, including by your own pages. Prefer it unless you actually frame your own pages.
  • The old "ALLOW-FROM uri" value is not supported by current browsers. If a specific partner origin must be allowed to frame you, use a Content-Security-Policy header with frame-ancestors 'self' https://partner.example instead; modern browsers prefer frame-ancestors over X-Frame-Options when both are present.

Step 3: Register the Middleware
Open 📂 app/Http/Kernel.php and add the class to the existing $middleware array (keep the entries that are already there, otherwise you will disable the rest of the global stack):

protected $middleware = [
    // ...existing entries
    \App\Http\Middleware\FrameGuard::class,
];

On Laravel 11 and later there is no app/Http/Kernel.php; global middleware is registered in bootstrap/app.php inside withMiddleware(), with $middleware->append(\App\Http\Middleware\FrameGuard::class).
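Putting the three steps together, here is an expanded version of the middleware as an added example for this post. It is not the post's original snippet and not Laravel's bundled FrameGuard class. It sends the legacy X-Frame-Options header together with the Content-Security-Policy frame-ancestors directive that modern browsers prefer, accepts an optional "deny" parameter for stricter routes, and leaves untouched any response that already carries its own framing policy, so a route that is intentionally embeddable can opt out from its controller. The class name, the $policy parameter, the frame.guard alias mentioned below and the registration snippet in the trailing comment are choices made for this example, not part of the page.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Added example middleware: sets X-Frame-Options and CSP frame-ancestors.
 * Not the post's original code and not the framework's own FrameGuard.
 */
class FrameGuard
{
    /**
     * @param  string  $policy  'sameorigin' (default) or 'deny'. Global middleware is
     *                          invoked without arguments, so the default applies there;
     *                          a route can pass 'deny' via a middleware parameter.
     */
    public function handle(Request $request, Closure $next, string $policy = 'sameorigin'): Response
    {
        $response = $next($request);

        // The same rule in both header syntaxes. Browsers that understand CSP use
        // frame-ancestors and ignore X-Frame-Options; older browsers fall back to it.
        [$xfo, $frameAncestors] = strtolower($policy) === 'deny'
            ? ['DENY', "frame-ancestors 'none'"]
            : ['SAMEORIGIN', "frame-ancestors 'self'"];

        // Leave alone any response that already states a framing policy. A controller
        // for an embeddable widget can set its own frame-ancestors allowlist and this
        // middleware will not overwrite it; every other response gets the default.
        $existingCsp = (string) $response->headers->get('Content-Security-Policy', '');
        if ($response->headers->has('X-Frame-Options')
            || stripos($existingCsp, 'frame-ancestors') !== false) {
            return $response;
        }

        $response->headers->set('X-Frame-Options', $xfo);

        // If the app already sends a CSP (script-src etc.), append frame-ancestors to it
        // rather than replacing the whole policy, which would silently drop the rest.
        $response->headers->set(
            'Content-Security-Policy',
            $existingCsp === '' ? $frameAncestors : rtrim($existingCsp, '; ') . '; ' . $frameAncestors
        );

        return $response;
    }
}

// Registration (assumed placement, Laravel 11+, bootstrap/app.php):
//
//   ->withMiddleware(function (Middleware $middleware) {
//       $middleware->append(\App\Http\Middleware\FrameGuard::class);
//       $middleware->alias(['frame.guard' => \App\Http\Middleware\FrameGuard::class]);
//   })
//
// On Laravel 10 and earlier, add the class to $middleware (and, for the alias,
// to $middlewareAliases) in app/Http/Kernel.php instead.
```

Registered globally it behaves like the simpler version above with SAMEORIGIN. To tighten a sensitive area, attach the deny variant to a route or group, e.g. Route::prefix('admin')->middleware('frame.guard:deny'), where frame.guard is the hypothetical alias from the comment. Because the middleware skips responses that already carry a policy, an opt-out is a deliberate, visible decision in the controller rather than a global relaxation.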

2️⃣ Alternative: Configure X-Frame-Options in the web server

If you're using Apache as the web server, you can set the X-Frame-Options header in .htaccess. mod_headers must be enabled, and the always keyword makes Apache add the header to error responses as well, not only to successful ones.

📂 Open the .htaccess file in your Laravel public folder (public/.htaccess) and add:

<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

If you're using Nginx, add the directive to your server block, again with always so that 4xx and 5xx responses carry it too:

add_header X-Frame-Options "SAMEORIGIN" always;

Caveat: Nginx does not inherit add_header into a location block that declares its own add_header directives, so repeat the line in every such block. Whichever layer you choose, set the header in one place only: if both the application and the web server add it, the response carries two X-Frame-Options headers, and browsers treat differing values as a conflict and refuse framing, which is safe but confusing to debug.

3️⃣ Verify That It Is Working

After making the changes, confirm the header is actually sent:

1️⃣ Using Developer Tools in the browser

  • Open your site in Chrome or Firefox.
  • Right-click → Inspect → Network tab.
  • Reload the page, select the document request, and look at the Response Headers.

2️⃣ Using curl

Run this in your terminal:

curl -I http://your-website.com

Note that -I sends a HEAD request. Check a normal GET as well, because some stacks answer HEAD differently; this prints only the response headers of a GET:

curl -sS -o /dev/null -D - http://your-website.com/

In either case you should see:

X-Frame-Options: SAMEORIGIN

Check more than the home page: a 404 page, a redirect and an authenticated page all need the header, and a header added by middleware only reaches responses that pass through that middleware. Finally, do the test OTG-CLIENT-009 describes: put the page in an <iframe> on a page served from a different origin. With the header in place the frame stays blank and the browser console reports that it refused to display the page in a frame.
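A manual curl check is easy to forget after the next refactor of the middleware stack, so here is an added example of the same check as a Laravel feature test (not part of the original post). It uses the framework's own HTTP test helpers and asserts that the header is present both on the home page and on a 404 response, the error-page case that is most often missed. The route paths and the test class name are assumptions; adjust them to your application.

```php
<?php

namespace Tests\Feature;

use Tests\TestCase;

/**
 * Added example test, not from the original post: fails the build if the
 * clickjacking header stops being sent. Assumes a GET / route exists and that
 * the FrameGuard middleware is registered globally.
 */
class FrameGuardHeadersTest extends TestCase
{
    public function test_home_page_forbids_cross_origin_framing(): void
    {
        $response = $this->get('/');

        $response->assertOk();
        // Exact value check: a typo such as "SAME-ORIGIN" is silently ignored by browsers.
        $response->assertHeader('X-Frame-Options', 'SAMEORIGIN');
    }

    public function test_error_pages_keep_the_header(): void
    {
        // The framework renders the 404 inside the middleware pipeline, so a global
        // middleware still post-processes the response and the header must be present.
        // The path is a constructed, intentionally non-existent route.
        $this->get('/this-route-does-not-exist-' . uniqid())
            ->assertNotFound()
            ->assertHeader('X-Frame-Options', 'SAMEORIGIN');
    }
}
```

Run it with php artisan test --filter=FrameGuardHeadersTest. If you chose DENY in the middleware, change the expected value in both assertions; if your middleware also emits Content-Security-Policy, add an assertion on $response->headers->get('Content-Security-Policy') containing frame-ancestors in the same way.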

🚀 Final Summary

Best Fix → A Laravel middleware that sets X-Frame-Options: SAMEORIGIN (or DENY)
Alternative → Set the header in public/.htaccess for Apache or in the Nginx server block, but in one layer only
Test It → Check the response headers with browser dev tools or curl, including error pages and redirects

Now your Laravel app is protected against Clickjacking! 🔒 🚀
Let me know if you need further help. 😊
