after submitting the report they immediately deployed a fix:
src: OWASP Defense Sheet
So, how do we have been breaking it?
A write up from Paulos Yibelo regarding facebook clickjacking gave me an idea. The bypass script
and the output
Thanks for taking time to read.
To God Be the Glory.