From fb904893641ddc3f67d65c6fe517ce9322d8d9cd Mon Sep 17 00:00:00 2001 From: Kevin Papst Date: Sat, 14 Dec 2024 11:41:30 +0100 Subject: [PATCH] framing --- collections/_documentation/developer/bughunter.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/collections/_documentation/developer/bughunter.md b/collections/_documentation/developer/bughunter.md index 75024036a..94157c8ba 100644 --- a/collections/_documentation/developer/bughunter.md +++ b/collections/_documentation/developer/bughunter.md @@ -70,6 +70,12 @@ Ok, if you are using automated tests, at least make sure they work. - it is not a security risk - there is a `CAA` record with the value `0 issue "letsencrypt.org"` in place +### Website framing + +Being able to frame a website doesn't necessarily mean, that there is a security threat. + +Unless you can prove a clickjacking attack, I do not consider this hypothetical problem to be an issue. + ### "Back" button that keeps working after logout I do not consider this as a security risk. If a user leaves his browser unprotected, he has much more to worry about than a colleague
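Review bot: the new "Website framing" section in the `bughunter.md` hunk states the policy but gives a reporter nothing concrete to check before filing; consider stating what a valid clickjacking report must demonstrate, e.g. a proof-of-concept page that embeds the application in an `<iframe>` and overlays it so that a click by a logged-in victim triggers a state-changing action, and, if the application sets `X-Frame-Options` or a `Content-Security-Policy` `frame-ancestors` directive, which one it is, so reporters can verify the response headers themselves rather than report "framing is possible" in isolation. Also drop the stray comma in "Being able to frame a website doesn't necessarily mean, that there is a security threat." so it reads "doesn't necessarily mean that there is a security threat."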