From 3c5960aba05fbe5f901ab416b96c35436fb17a7a Mon Sep 17 00:00:00 2001
From: Stuart Skelton
Date: Thu, 19 Nov 2020 16:16:01 +0000
Subject: [PATCH] Avoid potential click jacking (#190)

---
 pkg/server/web/handlers.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/server/web/handlers.go b/pkg/server/web/handlers.go
index 385c2b1..04341b0 100644
--- a/pkg/server/web/handlers.go
+++ b/pkg/server/web/handlers.go
@@ -94,6 +94,8 @@ func spaTemplateHandler(tmpl *template.Template, basePath string,
 BasePath: basePath,
 }
 return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ // ensure we do now allow click jacking
+ w.Header().Set("X-Frame-Options", "SameOrigin")
 err := tmpl.Execute(w, tmplData)
 if err != nil {
 log.Error().Str("module", "web").Str("remote", req.RemoteAddr).Str("proto", req.Proto).
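Review bot: The value written on the added `w.Header().Set` line, `SameOrigin`, is not the canonical spelling — RFC 7034 defines the tokens as `DENY` and `SAMEORIGIN`, and while browsers generally compare case-insensitively, `w.Header().Set("X-Frame-Options", "SAMEORIGIN")` removes any doubt. The comment above it reads "do now allow" and should say `// ensure we do not allow click jacking`. X-Frame-Options is the legacy mechanism; setting `w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")` alongside it covers browsers that honour CSP over the older header, and if this application is never meant to be framed at all, `DENY` / `'none'` is the stricter choice. Because the header is set inside this one handler's closure, any other routes served by this package would remain unprotected (the diffstat touches only handlers.go, so I cannot tell from here); a middleware applied to the whole mux is the usual place for it. spaTemplateHandler's body begins and ends outside the hunk.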