author | Paul Duncan <pabs@pablotron.org> | 2016-05-21 13:47:11 -0400 |
---|---|---|
committer | Paul Duncan <pabs@pablotron.org> | 2016-05-21 13:47:11 -0400 |
commit | 10fd34098d43a6a2d9878564443fc55df423032d (patch) | |
tree | 56258f3461209c778d6d92264703b3ea0572a955 /src/guff.cr | |
parent | d68d3a3357c46933b604c03a8f8d6a60fa952106 (diff) | |
download | guff-10fd34098d43a6a2d9878564443fc55df423032d.tar.bz2 guff-10fd34098d43a6a2d9878564443fc55df423032d.zip |
add clickjacking protection to logout page
Diffstat (limited to 'src/guff.cr')
-rw-r--r-- | src/guff.cr | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/guff.cr b/src/guff.cr
index 503fded..815c983 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -708,6 +708,11 @@ module Guff
 http_only: true,
 )
 
+ # build remaining headers
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
+ context.response.content_type = "text/html; charset=utf-8"
+ context.response.status_code = 200
+
 # draw page
 Views::LogoutPageView.new(@context).to_s(context.response)
 else |
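Review bot: The `x-frame-options` header is set by hand inside this one branch, so framing protection depends on every HTML-producing handler repeating the line; whether the login and admin pages already do so is not visible from this hunk. Setting it once at a point all responses pass through would make the safe value the default. The equivalent CSP directive can be sent alongside it for browsers that prefer that form, `context.response.headers["content-security-policy"] = "frame-ancestors 'self'"`, and if nothing in the app frames the logout page, `"DENY"` is the tighter value. The enclosing method begins and ends outside the hunk, so the headers sent by the `else` branch could not be checked.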