> turning it into another bug bounty eye-roller like ClickJacking When did click... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		minitech on Jan 5, 2020 \| parent \| context \| favorite \| on: Promiscuous cookies and their impending death via ... > turning it into another bug bounty eye-roller like ClickJacking When did clickjacking get mitigated by default by browsers? As far as I know it’s still up to websites to prevent framing explicitly.

tptacek on Jan 5, 2020 [–]

I'm not saying that CJ has been mitigated by default the way CSRF is poised to be, but rather that it's very rarely exploitable, which is soon to be the case for CSRF as well.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact