=== Cross Domain Controls ===
* X-Frame-Options in header options

==== See that x-frame-options is set to DENY ====
Type:

> telnet 127.0.0.1 8000

> GET /en-US/msw/ HTTP/1.1

> press enter

Results: See that '''x-frame-options: DENY''' is there!
<pre>
telnet 127.0.0.1 8000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /en-US/msw/ HTTP/1.1

HTTP/1.0 200 OK
Date: Thu, 09 Jun 2011 23:41:32 GMT
Server: WSGIServer/0.1 Python/2.7.1
x-frame-options: DENY
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<head>
<title>Hi there</title>
</head>
<body>

<h1>aaiiibarbari</h1>

Hi do I have a good title?

<ul>
<li><a href="/msw/sqlinjection/">page title: SQL Injection</a> </li>
<li><a href="/msw/xss/">page title: XSS</a> </li>
</ul>

</body>
</html>
Connection closed by foreign host.
</pre>

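The manual telnet check above can be turned into a repeatable test. The Python below is an added example, not part of the original page or of playdoh: it parses a raw HTTP response (the sample bytes are constructed from the telnet output above) and passes only when the response carries a single DENY or SAMEORIGIN value. The function names are hypothetical.

```python
# Added example: audit the X-Frame-Options header in a raw HTTP response.
# SAMPLE_RESPONSE is constructed from the telnet output shown above.
SAMPLE_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Date: Thu, 09 Jun 2011 23:41:32 GMT\r\n"
    b"Server: WSGIServer/0.1 Python/2.7.1\r\n"
    b"x-frame-options: DENY\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<!DOCTYPE html>\n<head>\n<title>Hi there</title>\n</head>\n"
)


def frame_option_values(raw):
    """Return every X-Frame-Options value in the header block, upper-cased."""
    # Only the header block counts; text in the body must not be matched.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the server above sends lowercase.
        if sep and name.strip().lower() == "x-frame-options":
            # A comma-joined header counts as several values.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def audit_frame_options(raw):
    """Return (ok, reason); ok only for a single DENY or SAMEORIGIN."""
    values = frame_option_values(raw)
    if not values:
        return False, "missing: no X-Frame-Options header"
    if len(set(values)) > 1:
        return False, "conflicting values: " + ", ".join(values)
    value = values[0]
    if value in ("DENY", "SAMEORIGIN"):
        return True, value
    if value.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete and not supported by current browsers"
    return False, "unrecognised value: " + value


if __name__ == "__main__":
    print(audit_frame_options(SAMPLE_RESPONSE))
```
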
==== Where playdoh sets x-frame-options to "deny" ====