
Clickjacking

Clickjacking (aka "UI redress attacks") happens when an attacker manages to trick your users into triggering "unintended" UI events (e.g. DOM events).

X-FRAME-OPTIONS

One simple way to help prevent clickjacking attacks is to enable the X-FRAME-OPTIONS header.

Using lusca

lusca is open-source under the Apache license.

First:

# In your sails app
npm install lusca --save

Then, in the middleware config object in config/http.js:

 // ...
 // xframe ==> Sets the X-Frame-Options response header; 'SAMEORIGIN' allows framing only by pages from the same origin.
 xframe: require('lusca').xframe('SAMEORIGIN'),
 // ...
 order: [
   // ...
   'xframe',
   // ...
 ]
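
To confirm that the header is actually sent once the middleware is in place, the following added example (not part of the Sails docs or of lusca) audits the X-Frame-Options value a response carries. The names auditXFrameOptions, auditUrl and samples are hypothetical, the sample headers are constructed, and auditUrl assumes a Node version with a global fetch.

```javascript
// Audit the X-Frame-Options value of a response (added example, hypothetical names).
// `headers` is a plain object keyed by lower-case header name.
function auditXFrameOptions(headers) {
  const raw = headers['x-frame-options'];
  if (raw === undefined) {
    return { ok: false, reason: 'header missing' };
  }
  // A header sent more than once arrives joined with ", "; split it back out.
  const values = [].concat(raw).join(',').split(',')
    .map((v) => v.trim().toUpperCase())
    .filter(Boolean);
  const distinct = [...new Set(values)];
  if (distinct.length === 0) return { ok: false, reason: 'empty value' };
  if (distinct.length > 1) {
    return { ok: false, reason: 'conflicting values: ' + distinct.join(', ') };
  }
  const value = distinct[0];
  if (value === 'DENY' || value === 'SAMEORIGIN') {
    return { ok: true, reason: value };
  }
  if (value.startsWith('ALLOW-FROM')) {
    return { ok: false, reason: 'ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  return { ok: false, reason: 'unrecognized value: ' + value };
}

// Fetch one URL of your own running app and audit its response headers.
async function auditUrl(url) {
  const res = await fetch(url);
  await res.arrayBuffer(); // discard the body; only the headers matter here
  return auditXFrameOptions(Object.fromEntries(res.headers));
}

// Constructed sample header sets, not captured from a real app.
const samples = {
  configured: { 'x-frame-options': 'SAMEORIGIN' },
  duplicated: { 'x-frame-options': 'sameorigin, SAMEORIGIN' },
  conflicting: { 'x-frame-options': 'SAMEORIGIN, DENY' },
  legacy: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  missing: { 'content-type': 'text/html' },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, auditXFrameOptions(headers));
}
```

Against a locally lifted app, call auditUrl with one of the app's own URLs (the address is whatever your app listens on) and check that the result has ok set to true.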
