jj (archduke), tecto and shrop talk about using the Browser Security package to prevent click jacking and secure other aspects of Meteor applications.
- Browser Policy package https://atmospherejs.com/meteor/browser-policy
- browser-policy README.md https://github.com/meteor/meteor/tree/devel/packages/browser-policy
- Clickjacking: Web pages can see and hear you (original disclosure) http://jeremiahgrossman.blogspot.com/2008/10/clickjacking-web-pages-can-see-and-hear.html
- Click-Jack Test Code https://github.com/originaladcc/rws/blob/master/click-jack-test
- Automated attacks http://samy.pl/quickjack/
- Defense in depth: securing Meteor apps with Content Security Policy http://info.meteor.com/blog/defense-in-depth-securing-meteor-apps-with-content-security-policy
- meteor: browser policy https://dweldon.silvrback.com/browser-policy
- Meteor security fundamentals http://justmeteor.com/blog/meteor-security-fundamentals/
- Meteor Club Q&A on Security w/ Pete Corey & Josh Owens https://www.youtube.com/watch?v=oaKOqcutkdc