author | Paul Duncan <pabs@pablotron.org> | 2016-05-21 13:18:05 -0400 |
committer | Paul Duncan <pabs@pablotron.org> | 2016-05-21 13:18:05 -0400 |
commit | 74d07a15b7c7877346c6267fc1803d2774d99f9d (patch) | |
tree | a78a225e04589ad3f6e8bf7d93f21fd548eb2bd8 | |
parent | b1d1a7c6c5c13c1496fa87a0eddaf4e724ecb299 (diff) | |
download | guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.tar.bz2 guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.zip |
add clickjacking protection
-rw-r--r-- | src/guff.cr | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/guff.cr b/src/guff.cr
index b610e96..b6eaa4b 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -574,6 +574,7 @@ module Guff
def authenticated_call(context : HTTP::Server::Context)
if context.request.path.not_nil!.match(PATH_RE)
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
context.response.content_type = "text/html; charset=utf-8"
context.response.status_code = 200
Views::AdminPageView.new(@context).to_s(context.response)
@@ -631,6 +632,7 @@ module Guff
response : HTTP::Server::Response,
error : String? = nil
)
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
response.content_type = "text/html; charset=utf-8"
response.status_code = 200
Views::LoginPageView.new(@context, error).to_s(response) |
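Review bot: The header is added only inside the `if ... match(PATH_RE)` branch of authenticated_call, so any HTML this method or the rest of Guff serves outside that branch stays frameable; the remainder of authenticated_call is outside the hunk, so I cannot tell whether other HTML responses exist there. If the server has one place where every response is prepared, setting `x-frame-options` there once (and, for browsers that support it, `Content-Security-Policy: frame-ancestors 'self'`) would cover all pages instead of relying on each handler to remember it. A short why-comment on the added line, `# anti-clickjacking: refuse to render the admin page in cross-origin frames`, would record the intent for the next reader.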
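Review bot: The added line writes to `context.response.headers` while every other line in this hunk uses the `response` parameter; unless `context` is also a parameter of this method (its signature starts outside the hunk), this will not compile, and even if it is, the header may be set on a different response object than the one `Views::LoginPageView` renders into. Use `response.headers["x-frame-options"] = "SAMEORIGIN"` to match the surrounding lines. This is the same per-handler header as in the authenticated_call hunk above; a single central place to set it would avoid exactly this kind of drift between handlers.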