Sunday, May 13, 2018

Abdelkader did penetration tests on a Lino site and reported that it is not protected against clickjacking. Indeed, Lino doesn’t enable this protection by default. But Django provides a simple solution (at least for modern browsers): Clickjacking Protection

So in order to protect a Lino application against clickjacking, you add one line to your

class Site(Site):

SITE = Site(globals())
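
To confirm that the protection is active after such a change, you can inspect the response headers: Django's clickjacking middleware works by setting the `X-Frame-Options` header. The following check is an added example, not code from Lino or Django; the function names and the sample headers are constructed for illustration.

```python
"""Audit HTTP response headers for clickjacking (framing) protection."""

# frame-ancestors sources that let any site embed the page
WEAK_SOURCES = {"*", "http:", "https:"}


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Return (status, reason); status is 'protected', 'weak' or 'missing'.

    `headers` is a list of (name, value) pairs, e.g. the result of
    http.client.HTTPResponse.getheaders().
    """
    def get(name):
        return [v for n, v in headers if n.lower() == name]

    policies = [frame_ancestors(v) for v in get("content-security-policy")]
    policies = [p for p in policies if p is not None]
    if policies:
        # Browsers that support frame-ancestors ignore X-Frame-Options when
        # it is present. Every CSP header is enforced, so one restrictive
        # policy is enough (an empty source list behaves like 'none').
        if any(not WEAK_SOURCES & set(p) for p in policies):
            return "protected", "CSP frame-ancestors restricts embedding"
        return "weak", "CSP frame-ancestors allows any origin"

    values = [v.strip().upper() for v in get("x-frame-options")]
    if not values:
        return "missing", "no X-Frame-Options or CSP frame-ancestors"
    if len(set(values)) == 1 and values[0] in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options: " + values[0]
    # ALLOW-FROM is obsolete; anything else is not a recognised value
    return "weak", "unrecognised X-Frame-Options: " + ", ".join(values)


if __name__ == "__main__":
    # Constructed sample: a response without and with the header
    before = [("Content-Type", "text/html; charset=utf-8")]
    after = before + [("X-Frame-Options", "SAMEORIGIN")]
    print(framing_protection(before))
    print(framing_protection(after))
```
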


See also Security of Lino applications.