E fua atoatoa le WalkURLs?

Ioe. O le WalkURLs e 100% fua ma leai ni totogi natia, leai ni tulaga maualuga, ma e le mana'omia se teugatupe. Tatala le itulau, fa'apipi'i au URL, ona amata lea ona su'esu'e.

Aisea e foliga gaogao ai nisi upega tafa'ilagi?

E tele upega tafa'ilagi e poloka le fa'aofiina o iframe e ala i le X-Frame-Options po'o le Content-Security-Policy headers. O se vaega puipuiga lea a le su'esu'ega. O au lava upega tafa'ilagi e galue lelei pe afai e te fa'atulagaina headers sa'o.

E fa'apefea ona ou fa'agalueina a'u lava upega tafa'ilagi ma le WalkURLs?

Seti le Content-Security-Policy header i le: frame-ancestors 'self' https://walkurls.com. E fa'atagaina ai le WalkURLs e fa'aofi au saite a'o fa'amautuina le puipuiga mai isi puna.

E galue le WalkURLs i telefoni feavea'i?

Ioe. O le WalkURLs e fa'atonu atoatoa ma e galue i so'o se masini ma se su'esu'ega faaonaponei. O le pa'u i le itu e avea ma fa'aaliga ata-atoa i telefoni feavea'i mo le fa'aogaina faigofie o URL.

WalkURLs — Mea Su'esu'e URL Fa'asoloso'o Fua i le Initaneti

Saoasaoa o le Savaliga

Fa'apitoa:

Savali i le 5,000 ms (5 sekone)

Leai se URL ua utaina

0 / 0

Fa'apipi'i URL i le pa'u i le itu e amata ai

Oomi le S e sui le pa'u i le itu · ? mo fesoasoani

Atonu e polokaina e lenei saite le fa'aofiina o iframe. Atonu e foliga gaogao le itulau.

Aisea e gaogao ai le itulau?

E tele upega tafa'ilagi e poloka le fa'aofiina o iframe e ala i HTTP headers. O se vaega puipuiga lea e puipuia ai mai le clickjacking.

⚠ Pe fa'apefea ona galue le polokaina

E auina atu e upega tafa'ilagi headers e ta'u atu i lau su'esu'ega: "Aua le fa'aofi a'u." E usiusita'i le su'esu'ega → iframe gaogao.

Header	A'afiaga
`X-Frame-Options: DENY`	Poloka uma
`X-Frame-Options: SAMEORIGIN`	Itulagi tutusa lava
`CSP: frame-ancestors 'none'`	Poloka faaonaponei

Fetaui

Saite	Tulaga
Google, Gmail, GitHub	Polokaina
Facebook, X / Twitter	Polokaina
Wikipedia	Vaega
Au lava upega tafa'ilagi	Galue ✓
Meafaigaluega totonu / fa'aaliga	Galue ✓
Saite tumau / pepa	Galue ✓

Fa'agalue au saite

✓ Fautuaina

Seti le frame-ancestors e fa'atagaina na'o le walkurls.com.

Apache (.htaccess)

Header set Content-Security-Policy "frame-ancestors 'self' https://walkurls.com"
Header unset X-Frame-Options

Nginx

add_header Content-Security-Policy "frame-ancestors 'self' https://walkurls.com";

Node.js / Express

app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy',
    "frame-ancestors 'self' https://walkurls.com");
  res.removeHeader('X-Frame-Options');
  next();
});

PHP

header("Content-Security-Policy: frame-ancestors 'self' https://walkurls.com");
header_remove("X-Frame-Options");

Vercel (vercel.json)

{
  "headers": [{
    "source": "/(.*)",
    "headers": [{
      "key": "Content-Security-Policy",
      "value": "frame-ancestors 'self' https://walkurls.com"
    }]
  }]
}

Netlify (_headers)

/*
  Content-Security-Policy: frame-ancestors 'self' https://walkurls.com

Su'ega

Tatala le DevTools F12 → Console. Afai e polokaina:

Refused to display 'https://...' in a frame
because it set 'X-Frame-Options' to 'deny'.

Siaki headers e ala i le terminal:

curl -I https://your-site.com | grep -i "frame\|content-security"

Puipuiga

⚠ Aua le fa'aogaina le frame-ancestors * i le galuega moni

Fa'ailoa pea: https://walkurls.com

Ki pu'upu'u

← →	Talu ai / Sosoo
Space	Sui le ta'alo otometi
Home End	Muamua / Mulimuli
S	Sui le pa'u i le itu
F	Ata atoa
?	Lenei laulau fesoasoani

Fesoasoani & Fo'ia o Fa'afitauli