[11.0][ADD] web_clickjack_protection

setup/web_clickjack_protection/odoo/addons/web_clickjack_protection

@@ -0,0 +1 @@
+../../../../web_clickjack_protection

setup/web_clickjack_protection/setup.cfg

@@ -0,0 +1,2 @@
+[bdist_wheel]
+universal=1

setup/web_clickjack_protection/setup.py

@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)

web_clickjack_protection/README.rst

@@ -0,0 +1,76 @@
+========================
+Web Clickjack Protection
+========================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fweb-lightgray.png?logo=github
+    :target: https://github.com/OCA/web/tree/11.0/web_clickjack_protection
+    :alt: OCA/web
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/web-11-0/web-11-0-web_clickjack_protection
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/162/11.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+Clickjacking is a technique by which a malicious party embeds your website in an <iframe>, then hovers buttons over it to make the user think he is clicking on your site when in fact he is communicating with the parent frame.
+
+Clickjacking can be prevented on the webserver side by adding headers, but there are `ways around this <https://github.com/niutech/x-frame-bypass>`_. This module prevents clickjacking more thoroughly by making it impossible for your site to be embedded. It does so by adding a small "framebreaker" Javascript which creates a CSS style element on the fly to hide the body of the current page by default. Then, if it doesn't detect a parent frame, it removes it again.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/web/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/web/issues/new?body=module:%20web_clickjack_protection%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Sunflower IT
+
+Contributors
+~~~~~~~~~~~~
+
+* Tom Blauwendraat <[email protected]>
+* Kevin Kamau <[email protected]>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/web <https://github.com/OCA/web/tree/11.0/web_clickjack_protection>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

web_clickjack_protection/__init__.py

@@ -0,0 +1,2 @@
+# Copyright 2021 Sunflower IT <https://www.sunflowerweb.nl>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

web_clickjack_protection/__manifest__.py

@@ -0,0 +1,15 @@
+# Copyright 2021 Sunflower IT <https://www.sunflowerweb.nl>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+{
+    "name": "Web Clickjack Protection",
+    "version": "11.0.1.0.0",
+    "author": "Sunflower IT,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/web",
+    "license": "AGPL-3",
+    "category": "Usability",
+    "summary": "Protects Odoo instancess from possible Clickjacking attacks",
+    "depends": ["web"],
+    "data": ["views/web_assets.xml"],
+    "installable": True,
+    "auto_install": False,
+}

web_clickjack_protection/readme/CONTRIBUTORS.rst

@@ -0,0 +1,2 @@
+* Tom Blauwendraat <[email protected]>
+* Kevin Kamau <[email protected]>

web_clickjack_protection/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+Clickjacking is a technique by which a malicious party embeds your website in an <iframe>, then hovers buttons over it to make the user think he is clicking on your site when in fact he is communicating with the parent frame.
+
+Clickjacking can be prevented on the webserver side by adding headers, but there are `ways around this <https://github.com/niutech/x-frame-bypass>`_. This module prevents clickjacking more thoroughly by making it impossible for your site to be embedded. It does so by adding a small "framebreaker" Javascript which creates a CSS style element on the fly to hide the body of the current page by default. Then, if it doesn't detect a parent frame, it removes it again.