What is Clickjacking?
Clickjacking (classified as a User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.
GridPane Clickjacking Protection
By default, GridPane enables clickjacking protection on all websites. This is an important security measure designed to keep your website and your visitors safe.
An IFrame is a way of inserting content from an external source into your website. Iframes by their very nature are insecure and by enabling them you’re opening up potential security vulnerability which could direct unknowing website visitors to unsafe sites.
Clickjacking protection will block iframes from external sources until you manually disable it.
There are, however, some cases which require clickjacking to be disabled in order to work, and we have a GP-CLI command that you can run to disable it on specific websites.
The X-Frame-Options response header lets a browser know whether it’s allowed to render a page inside an
Learn more about the X-Frame-Options response header here:
Disabling Clickjacking via GP-CLI
If you need to disable clickjacking we recommend configuring and enabling CSP headers in its place. This will allow you to set sources for your iframes at a granular level:
Step 1. SSH into your server
Please see the following articles to get started:
Generate your SSH Key:
Add your SSH Key to GridPane:
Connect to your server:
Step 2. Disable Clickjacking
To turn off clickjacking protection on a specific website, SSH into your server and run the following command (replacing “site.url” with your websites domain name):
gp site site.url -clickjacking-protection-off
gp site gridpane.com -clickjacking-protection-off