
Seems crazy that sites need to individually opt in to anti-Clickjacking with CSP, instead of modern browsers disabling it by default.

In other cases, the default is to not let a page mix origins: http://en.wikipedia.org/wiki/Same-origin_policy#Cross-Origin...
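To make the opt-in concrete, here is an added example (not part of the original comment) that classifies a response's framing policy from its headers and shows that a response with neither header is framable by any origin. The function name `framingPolicy` and the sample inputs in the usage note are constructed; it assumes a single enforced CSP header rather than several combined policies.

```javascript
// Added example: decide who may frame a response, based on its headers.
// Header and directive names are real; framingPolicy() is a hypothetical helper.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. An enforced CSP frame-ancestors directive decides the outcome;
  //    browsers ignore X-Frame-Options when it is present.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const src = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, same as 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) {
      return { protected: true, via: 'csp', allows: 'none' };
    }
    // A wildcard or bare scheme lets effectively any site frame the page.
    if (src.some((s) => s === '*' || s === 'http:' || s === 'https:')) {
      return { protected: false, via: 'csp', allows: 'any' };
    }
    if (src.every((s) => s === "'self'")) {
      return { protected: true, via: 'csp', allows: 'same-origin' };
    }
    return { protected: true, via: 'csp', allows: 'listed' };
  }

  // 2. Legacy fallback: only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') {
    return { protected: true, via: 'x-frame-options', allows: 'none' };
  }
  if (xfo === 'SAMEORIGIN') {
    return { protected: true, via: 'x-frame-options', allows: 'same-origin' };
  }

  // 3. No opt-in at all: the browser default is to allow framing.
  return { protected: false, via: 'default', allows: 'any' };
}
```

Calling `framingPolicy({})` returns `allows: 'any'`, while `framingPolicy({ 'Content-Security-Policy': "frame-ancestors 'none'" })` returns `allows: 'none'`.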


