php - How to stop malicious automatic iFrame Form Input from other site? -


so there's guy putting code on site:

<iframe name="frame" src="" frameborder="0"  width="1" height="1" allowfullscreen style="width:1;height:1;"></iframe> <form name="form" method="post" action="http://mysite.com/vote.php" target="frame">   <input type="hidden" name="vote" value="1" />   <input type="hidden" name="id" value="1337" /> </form> <script type="text/javascript">   document.forms.form.submit(); </script>

with little piece of code he's tricking users voting post (1337) in favor.

how can stop this? ideas?

i've tried following (.htaccess) doesn't stop it:

# disable iframe header set x-frame-options deny header append x-frame-options sameorigin

i'm assuming 2 things here:

  1. you've got mod_headers installed , enabled;

  2. you've placed header entries inside of <ifmodule mod_headers.c> (or variant thereof).

whether assumptions correct or not, let's troubleshoot issue:

  1. make sure actual header being sent browser - don't state anywhere in question you've tested this;

  2. try additional header: header set x-xss-protection "1; mode=block";

  3. remove <ifmodule ...> section, see if apache fails (or gives warning) informing module isn't loaded;

  4. you do not want use header append ... since append desired value (to possibly existing entry), , knows how browsers interpret that;

  5. maybe try this:

    header unset x-frame-options deny header set x-frame-options deny

Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more