add clickjacking protection

author: Paul Duncan <pabs@pablotron.org> 2016-05-21 13:18:05 -0400
committer: Paul Duncan <pabs@pablotron.org> 2016-05-21 13:18:05 -0400
commit: 74d07a15b7c7877346c6267fc1803d2774d99f9d (patch)
tree: a78a225e04589ad3f6e8bf7d93f21fd548eb2bd8 /src/guff.cr
parent: b1d1a7c6c5c13c1496fa87a0eddaf4e724ecb299 (diff)
download: guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.tar.bz2
guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/guff.cr b/src/guff.cr
index b610e96..b6eaa4b 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -574,6 +574,7 @@ module Guff
 
       def authenticated_call(context : HTTP::Server::Context)
         if context.request.path.not_nil!.match(PATH_RE)
+          context.response.headers["x-frame-options"] = "SAMEORIGIN"
           context.response.content_type = "text/html; charset=utf-8"
           context.response.status_code = 200
           Views::AdminPageView.new(@context).to_s(context.response)
@@ -631,6 +632,7 @@ module Guff
         response : HTTP::Server::Response,
         error : String? = nil
       )
+        context.response.headers["x-frame-options"] = "SAMEORIGIN"
         response.content_type = "text/html; charset=utf-8"
         response.status_code = 200
         Views::LoginPageView.new(@context, error).to_s(response)
author	Paul Duncan <pabs@pablotron.org>	2016-05-21 13:18:05 -0400
committer	Paul Duncan <pabs@pablotron.org>	2016-05-21 13:18:05 -0400
commit	74d07a15b7c7877346c6267fc1803d2774d99f9d (patch)
tree	a78a225e04589ad3f6e8bf7d93f21fd548eb2bd8 /src/guff.cr
parent	b1d1a7c6c5c13c1496fa87a0eddaf4e724ecb299 (diff)
download	guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.tar.bz2 guff-74d07a15b7c7877346c6267fc1803d2774d99f9d.zip