Full story at the BBC:
So in short, if you’re an Internet user (outside China) who browses a website that uses something like Baidu’s analytics software, Chinese networking hardware detects the request in China as it passes through and sends back a fake response with malicious script to continuously reload specific pages @ GitHub.
Is this possible in a Meteor app, or BrowserPolicy can protect (and maybe detect) against this?
That article is from 2015. That is 9 years ago.
It is not possible to include GitHub pages in iframe. I did try, to have links to wiki documentation, but because of GitHub’s browser policy framing restrictions, it is not possible to show anything from GitHub in iframe at all.
For Meteor apps, if you would like it to not be in iframe, you can add browser policy framing packages:
meteor add browser-policy-common
meteor add browser-policy-framing
Then add to server/policy.js
import { BrowserPolicy } from 'meteor/browser-policy-common';
Meteor.startup(() => {
BrowserPolicy.framing.disallow();
});
And that post above was from April 2015. Must’ve been unearthed from the topics categorization
Yes, but it is good to answer these even now with updates after all these years in case someone comes across them in search.