A Drupal module that implements a variety of security mechanisms recommended by the W3C concerning defensive measures against Spectre attacks such as:
- Site Isolation
- Decide when (not!) to respond to requests
- Restrict attackers' ability to load your data as a subresource
- Restrict attackers' ability to frame your data as a document
- Restrict attackers' ability to obtain a handle to your window
- Prevent MIME-type confusion attacks
- Full isolation
The Spectre vulnerability occurs when an attacker attempts to access data in memory space. On the web, this can happen when you open a third-party website in a pop-up or new window, or when a third party displays your website in an iframe, and these sites share the same memory/context as your website without enhanced security.
To mitigate Spectre attacks, we have implemented a practical solution from the W3C specification built into this module.
-
Download the module. [Click here for latest version]
-
Install it as you normally would by going to
Extend > Install new module > uploador by extracting the contents of the zip file to yourdrupal/modulesfolder and activating it via your drupal admin dashboard. More info on how to do this here: https://www.drupal.org/docs/extending-drupal/installing-modules -
Once the module installed, click on
Structure > Content typesand click onManage Fieldsfor the content type on which you want the module to be used. -
Click on
Add field& selectPost Spectrefrom theSelect a field typedropdown list. Give it a label and hit save. On the next page you'll be able to configure some default settings then you'll be good to go.
