Comments (4)
As long as it's SSG, we cannot do much about it as we don't control the headers (as far as I know).
Anyway, we don't use cookies for our websites so should be fine, and if they are, we are using the SameSite lax policy.
from nuxt.com.
Thanks for your contribution to Nuxt!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
If you would like this issue to remain open:
- Verify that you can still reproduce the issue in the latest version of nuxt-edge
- Comment the steps to reproduce it
Issues that are labeled as pending will not be automatically marked as stale.
from nuxt.com.
Yes, I can still reproduce this issue after you update your version.
Here are the steps to reproduce the vulnerability:
1. Open notepad and paste the following code.

```html
<title>i Frame</title>
<p>This is clickjacking vulnerable</p>
<iframe src="https://nuxtjs.org/" frameborder="2 px" height="500px" width="500px"></iframe>
```

2. Save it as .html, e.g. s.html
3. And just simply open that...
OR
Copy the link below and paste on your updated browser (Chrome,Firefox).
https://clickjacker.io/test?url=https://nuxtjs.org/
from nuxt.com.
This still applies to nuxt.com. Mitigating this potential issue would mean that the docs can't be used inside an iframe anymore.
from nuxt.com.
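For the framing behaviour discussed in this thread, a defender can decide from a response's headers whether a given origin may embed the page. The following is an added example, not code from the thread or from the Nuxt project; the function names, origins and sample headers are constructed, and the logic is simplified to a single embedding origin and to the `'none'`, `'self'`, `*` and exact-origin source forms.

```javascript
// Added example: evaluate anti-framing headers (X-Frame-Options and
// CSP frame-ancestors) for one embedding origin. Simplified on purpose.
function parseFrameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null; // no frame-ancestors directive in the policy
}

function canBeFramedBy(headers, pageOrigin, embedderOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const page = pageOrigin.toLowerCase();
  const embedder = embedderOrigin.toLowerCase();

  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    // When frame-ancestors is present, browsers use it instead of X-Frame-Options.
    const none = ancestors.length === 1 && ancestors[0] === "'none'";
    if (ancestors.length === 0 || none) return false;
    return ancestors.some((s) =>
      s === '*' || s === embedder || (s === "'self'" && embedder === page));
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder === page;
  return true; // absent or unrecognized (e.g. obsolete ALLOW-FROM): framing allowed
}

// Constructed sample responses (not captured from any real site).
const PAGE = 'https://docs.example';
const samples = {
  'no headers': {},
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'CSP allowlist': {
    'Content-Security-Policy':
      "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
};
for (const [label, headers] of Object.entries(samples)) {
  for (const who of ['https://partner.example', 'https://other.example']) {
    console.log(label, who, canBeFramedBy(headers, PAGE, who));
  }
}
```

Browsers ignore `frame-ancestors` when the policy is delivered through a `<meta>` element, so this check only makes sense against HTTP response headers.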