Skip to main content
All CollectionsSecurity & ComplianceFlusk
How do I fix the iFrame Restriction issue flagged by Flusk?
How do I fix the iFrame Restriction issue flagged by Flusk?
Updated over a month ago

An iframe is a tool for embedding external content into a website. It's like a "window within a window" that shows information from other sources. The actual issue is about allowing your app to be rendered as an iFrame.

It can cause several security vulnerabilities, such as:

  • Clickjacking

  • Phishing

  • Malware distribution

  • ...and so on

That's why you don't want to allow external people to use your website as an iFrame (unless it's part of your business logic, in this case, you can ignore this issue).

Solution

Disallowing people from rendering your application as an iFrame is quite easy. You'll have to open your Bubble editor, and then navigate to "Settings > General". You'll find a property called "Allow to render the app in a frame/iframe (X-Frame-Options)". Simply define this property to "Block all frames".

Did this answer your question?