Avoid potential click jacking (#190)

2025-12-17 09:37:02 +00:00 · 2020-11-19 16:16:01 +00:00
parent 7f430f2bde
commit 3c5960aba0
1 changed files with 2 additions and 0 deletions
--- a/pkg/server/web/handlers.go
+++ b/pkg/server/web/handlers.go
@@ -94,6 +94,8 @@ func spaTemplateHandler(tmpl *template.Template, basePath string,
 		BasePath: basePath,
 	}
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		// ensure we do now allow click jacking
+		w.Header().Set("X-Frame-Options", "SameOrigin")
 		err := tmpl.Execute(w, tmplData)
 		if err != nil {
 			log.Error().Str("module", "web").Str("remote", req.RemoteAddr).Str("proto", req.Proto).