[Pentest] Potential clickjacking attack #3707

Merged: amit-noy merged 4 commits into mlrun:feature/ig4 from pini-sh-panda:IG4-2936, Jun 30, 2026

@pini-sh-panda (Collaborator) commented Jun 23, 2026

📝 Description

Adds X-Frame-Options: DENY and Content-Security-Policy: frame-ancestors 'none' to all nginx responses to prevent clickjacking attacks.


🛠️ Changes Made

    # Clickjacking protection
    add_header X-Frame-Options "DENY" always;
    add_header Content-Security-Policy "frame-ancestors 'none';" always;


✅ Checklist

  • I have given the PR a well-structured title describing the domain and the specific change that was made
  • I tested the changes in the browser (locally or via preview build)
  • I confirmed that existing tests pass
  • I added or updated unit / integration tests (if needed)
  • I checked that this change doesn’t introduce new console warnings or lint / formatting errors
  • I updated the relevant Jira ticket with the appropriate details and status

🔗 References


🚨 Potentially Breaking Changes

  • Yes
  • No

Includes DRC change

  • Yes
  • No

If yes -> requires bump NPM version


🔍 Additional Notes


📸 Screenshots / Demos


@pini-sh-panda pini-sh-panda requested a review from amit-noy June 30, 2026 10:50
@amit-noy amit-noy merged commit 0d57887 into mlrun:feature/ig4 Jun 30, 2026
3 checks passed
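
An added example, not part of the PR or the mlrun code base: nginx applies `add_header` directives from an enclosing level only when the current level defines none of its own, so a `location` that sets any header of its own stops sending the two clickjacking headers from this change. The JavaScript below scans a config for `server` and `location` blocks where they are not in effect; the sample config, the function names and the check labels are assumptions made for the illustration.

```javascript
// Added example, not the project's code. SAMPLE is a constructed config.
const SAMPLE = `
server {
  add_header X-Frame-Options "DENY" always;
  add_header Content-Security-Policy "frame-ancestors 'none';" always;
  location / { try_files $uri /index.html; }
  location /static/ { add_header Cache-Control "public, max-age=3600"; }
}`;
// Each check must match one "name: value" header in effect for a block.
const CHECKS = {
  'X-Frame-Options': /^x-frame-options:/,
  'CSP frame-ancestors': /^content-security-policy:.*\bframe-ancestors\b/,
};
// Split config text into words, quoted strings and the tokens { } ;
function tokenize(conf) {
  const re = /#[^\n]*|"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[{};]|[^\s{};"']+/g;
  return (conf.match(re) || []).filter((t) => !t.startsWith('#'));
}
const unquote = (s) => s.replace(/^(["'])([\s\S]*)\1$/, '$2');
// nginx inherits add_header from the enclosing level only when the current
// level has none of its own, so one local add_header drops the inherited set.
function findUnprotectedBlocks(conf) {
  const blocks = [];
  let block = { name: 'main', own: null, parent: null };
  let words = [];
  for (const tok of tokenize(conf)) {
    if (tok === '{') {
      block = { name: words.join(' '), own: null, parent: block };
      blocks.push(block);
    } else if (tok === '}') {
      block = block.parent || block;
    } else if (tok !== ';') {
      words.push(tok);
      continue;
    } else if (words[0] === 'add_header' && words.length >= 3) {
      const header = `${unquote(words[1])}: ${unquote(words[2])}`.toLowerCase();
      (block.own = block.own || []).push(header);
    }
    words = [];
  }
  // Resolve after parsing: directive order within a level does not matter.
  const effective = (b) => (b ? b.own || effective(b.parent) : []);
  const missing = (b) =>
    Object.keys(CHECKS).filter((k) => !effective(b).some((h) => CHECKS[k].test(h)));
  return blocks
    .filter((b) => /^(server|location)\b/.test(b.name))
    .map((b) => ({ block: b.name, missing: missing(b) }))
    .filter((f) => f.missing.length > 0);
}
```

For `SAMPLE` the function reports only `location /static/`, with both protections missing. It reads a single file and does not follow `include` directives.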