1

I have a WordPress site and I have the following code designed to prevent clickjacking:

<script type="text/javascript">
   if (self === top) {
       var antiClickjack = document.getElementById("antiClickjack");
       antiClickjack.parentNode.removeChild(antiClickjack);
   } else {
       top.location = self.location;
   }
</script>

However, this code causes one of my admin pages to constantly refresh. The page is in the customize section of the theme I'm building. It is happening because the preview is displayed in an iframe.

What can I do to prevent clickjacking on legacy browsers, while also fixing the issue of the page reloading constantly? Ideally, I would be able to modify this JavaScript somehow.

BlackHatSamurai

1 Answer

0
<script type="text/javascript">
   // 'yourPreviewPage' is a placeholder for the full URL of the preview page
   if (self === top || self.location.href === 'yourPreviewPage') {
       var antiClickjack = document.getElementById("antiClickjack");
       antiClickjack.parentNode.removeChild(antiClickjack);
   } else {
       top.location = self.location;
   }
</script>

You can bypass those pages (especially the preview page in your case) for framing using code similar to the above. Another option for anti-clickjacking is to use response headers:

CSP frame-ancestors and X-Frame-Options

Samir Karki
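One way to keep the legacy frame-buster while letting the site frame itself, as an added example that is not part of the original question or answer: it walks the ancestor chain and only breaks out when an ancestor is on a different origin or unreadable. The function names are hypothetical, the `antiClickjack` element id is the one from the question, and it assumes the preview iframe is served from the same origin as the page that frames it.

```javascript
// Added example. Header equivalents for browsers that support them:
//   X-Frame-Options: SAMEORIGIN
//   Content-Security-Policy: frame-ancestors 'self'

// Compare scheme and host (host includes the port); location.origin is
// missing in some legacy browsers.
function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host;
}

// "top" = not framed, "same-origin" = every ancestor is our own origin,
// "cross-origin" = at least one ancestor is foreign or unreadable.
function framingContext(win) {
  if (win.self === win.top) return "top";
  try {
    var w = win;
    do {
      w = w.parent;
      if (!sameOrigin(w.location, win.location)) return "cross-origin";
    } while (w !== win.top);
    return "same-origin";
  } catch (e) {
    // Reading a cross-origin window's location throws; fail closed.
    return "cross-origin";
  }
}

// Hypothetical wrapper around the question's frame-buster logic.
function applyAntiClickjack(win, doc) {
  var ctx = framingContext(win);
  if (ctx === "cross-origin") {
    win.top.location = win.self.location; // break out of the foreign frame
  } else {
    var el = doc.getElementById("antiClickjack");
    if (el) el.parentNode.removeChild(el); // reveal the page
  }
  return ctx;
}

if (typeof window !== "undefined") applyAntiClickjack(window, document);
```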