Prevent Clickjacking #6584

@leecalcote

Description

Current Behavior

Clickjacking is an attack where an attacker tricks users into clicking on hidden or disguised elements by overlaying a malicious page on top of a legitimate one. This can lead to unintended actions or data theft.

Desired Situation

Use the X-Frame-Options header, setting it to SAMEORIGIN to prevent framing by other sites.

Extra Credit

Additionally, potentially use Content Security Policy (CSP)'s frame-ancestors directive to specify which sites can frame our content.

Acceptance Tests

  1. Ensure that signing into https://cloud.layer5.io is unaffected.
  2. Ensure that submission of forms like that of https://layer5.io/newcomers is unaffected.
  3. Ensure that calendar links to meet with the team are unaffected.
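
Because a framing restriction only works when it arrives as a real HTTP response header (browsers ignore `X-Frame-Options` and `frame-ancestors` in `<meta http-equiv>` tags, and GitHub Pages does not let a site set custom response headers), the acceptance tests above are best backed by a check of what the live response actually carries. The script below is an added example, not code from this issue or from the layer5.io repository: it classifies a response's headers into a verdict and can be pointed at a URL to check the deployed site. The header sets in `SAMPLES` are constructed for illustration; `checkLiveUrl` and the verdict names are assumptions of this example.

```javascript
// Added example (not part of the issue or the layer5.io codebase): classify a
// response's clickjacking defences from its X-Frame-Options header and its
// Content-Security-Policy frame-ancestors directive.

// Return the frame-ancestors source list from a CSP header value, or null if absent.
function parseFrameAncestors(cspValue) {
  if (!cspValue) return null;
  for (const directive of cspValue.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Verdicts for a header map with lower-case names:
//   'none' : no restriction, the page can be framed by any origin
//   'xfo'  : protected only by X-Frame-Options (DENY or SAMEORIGIN)
//   'csp'  : protected only by CSP frame-ancestors
//   'both' : both mechanisms present (CSP wins in browsers that support it)
//   'weak' : a header is present but does not actually restrict framing
function assessFramingProtection(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  const ancestors = parseFrameAncestors(headers['content-security-policy'] || '');

  // ALLOW-FROM is obsolete and ignored by current browsers, so it counts as weak.
  const xfoOk = xfo === 'DENY' || xfo === 'SAMEORIGIN';
  const xfoWeak = xfo !== '' && !xfoOk;

  // A source list containing * permits any ancestor; an empty list is malformed.
  const cspOk = ancestors !== null && ancestors.length > 0 && !ancestors.includes('*');
  const cspWeak = ancestors !== null && !cspOk;

  if (xfoOk && cspOk) return 'both';
  if (cspOk) return 'csp';
  if (xfoOk) return 'xfo';
  if (xfoWeak || cspWeak) return 'weak';
  return 'none';
}

// Normalise a fetch() Headers object (or a plain object) to lower-case keys.
function normaliseHeaders(h) {
  const out = {};
  const entries = typeof h.entries === 'function' ? h.entries() : Object.entries(h);
  for (const [k, v] of entries) out[k.toLowerCase()] = v;
  return out;
}

// Fetch a URL (Node 18+ global fetch) and report the verdict for its final response.
async function checkLiveUrl(url) {
  const res = await fetch(url, { redirect: 'follow' });
  return assessFramingProtection(normaliseHeaders(res.headers));
}

// Constructed sample responses: the current state, the fix the issue asks for,
// the extra-credit CSP variant, and a misconfiguration that looks protected but is not.
const SAMPLES = {
  unprotected: { 'content-type': 'text/html' },
  issueFix: { 'x-frame-options': 'SAMEORIGIN' },
  extraCredit: {
    'x-frame-options': 'SAMEORIGIN',
    'content-security-policy': "default-src 'self'; frame-ancestors 'self' https://layer5.io",
  },
  misconfigured: { 'content-security-policy': 'frame-ancestors *' },
};

// Usage: `node check-framing.js https://example.invalid/` checks a live site;
// with no argument the constructed samples are evaluated instead.
const targetUrl = process.argv[2];
if (targetUrl) {
  checkLiveUrl(targetUrl).then((verdict) => console.log(`${targetUrl}: ${verdict}`));
} else {
  for (const [name, h] of Object.entries(SAMPLES)) {
    console.log(`${name.padEnd(13)} -> ${assessFramingProtection(h)}`);
  }
}
```

Run it against each of the three flows in the acceptance tests after deploying the header change: the sign-in page, the form page and the calendar link should all report `xfo` (or `both` once frame-ancestors is added), and they should still function when opened directly, since `SAMEORIGIN` and `frame-ancestors 'self'` only block cross-origin framing, not top-level navigation or same-origin embeds.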

Contributor Resources and Handbook

The layer5.io website uses Gatsby, React, and GitHub Pages. Site content is found under the master branch.

Join the Layer5 Community by submitting your community member form.
