Does anyone know of a list of DNS providers that support the Domain Connect protocol?
The one on the DNS Connect website is pretty short. I am curious if there are others out there.
| Blog | https://www.emmanuelgautier.com |
The question remains for PayPal. Payment forms sound critical as well and could be victims of the same clickjacking attack type, no?
If anyone knows, I am curious to understand how @paypaldev manages this threat type with PayPal iframes.
The answer was in the OAuth spec itself. To avoid clickjacking attacks, the OAuth flow should be avoided in an iframe.

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK]
In order to give more context, the idea is to authenticate what is in the iframe only. This iframe can be integrated from a website on any domain so no strict restriction is possible.
No id, token, or anything else is exposed by the iframe of course.
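
The split described in the posts above (an embeddable iframe that any site may frame, and an OAuth flow that must never be framed) can be enforced with response headers. This is an added example, not code from the original posts; the route paths and function names are assumptions, and the middleware uses the Connect/Express `(req, res, next)` shape.

```javascript
// Added example: paths and function names are assumptions, not from the posts.
// Routes that render the interactive OAuth login / consent UI (hypothetical).
const OAUTH_UI_PREFIXES = ["/oauth/authorize", "/login", "/consent"];

// True when the request path belongs to the interactive OAuth flow.
function isOAuthUiPath(url) {
  const path = url.split("?")[0].toLowerCase();
  return OAUTH_UI_PREFIXES.some(
    (prefix) => path === prefix || path.startsWith(prefix + "/")
  );
}

// Headers that tell the browser to refuse rendering the page in any frame.
// X-Frame-Options is the header RFC 6749 section 10.13 refers to; the CSP
// frame-ancestors directive is its current equivalent.
function antiFramingHeaders() {
  return {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
  };
}

// Middleware: OAuth UI pages are never frameable; every other route
// (for example the embeddable widget) is left untouched.
function denyFramingForOAuth(req, res, next) {
  if (isOAuthUiPath(req.url)) {
    for (const [name, value] of Object.entries(antiFramingHeaders())) {
      res.setHeader(name, value);
    }
  }
  next();
}

// Run the middleware against a constructed request and return the headers set.
function headersFor(url) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  denyFramingForOAuth({ url }, res, () => {});
  return headers;
}

console.log(headersFor("/oauth/authorize?client_id=demo")); // constructed URL
console.log(headersFor("/widget/embed"));                   // constructed URL
```

If the application already sends a Content-Security-Policy header, add `frame-ancestors 'none'` to that policy instead of overwriting it.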
The Express CSURF package was deprecated some months ago for security reasons. 😱
https://github.com/expressjs/csurf#readme
Do you know which package is the most used now to manage CSRF?