Mirrors/go-inbucket
1
0
Fork 0
mirror of https://github.com/jhillyerd/inbucket.git synced 2025-12-17 17:47:03 +00:00
Code Issues Releases Wiki Activity

Avoid potential click jacking (#190)

Browse Source
This commit is contained in:
Stuart Skelton
2020-11-19 16:16:01 +00:00
committed by GitHub
parent 7f430f2bde
commit 3c5960aba0
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/server/web/handlers.go
View File

@@ -94,6 +94,8 @@ func spaTemplateHandler(tmpl *template.Template, basePath string,
BasePath: basePath, BasePath: basePath,
} }
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
// ensure we do now allow click jacking
w.Header().Set("X-Frame-Options", "SameOrigin")
err := tmpl.Execute(w, tmplData) err := tmpl.Execute(w, tmplData)
if err != nil { if err != nil {
log.Error().Str("module", "web").Str("remote", req.RemoteAddr).Str("proto", req.Proto). log.Error().Str("module", "web").Str("remote", req.RemoteAddr).Str("proto", req.Proto).