authorPaul Duncan <pabs@pablotron.org>2016-05-21 13:47:11 -0400
committerPaul Duncan <pabs@pablotron.org>2016-05-21 13:47:11 -0400
commit10fd34098d43a6a2d9878564443fc55df423032d (patch)
tree56258f3461209c778d6d92264703b3ea0572a955 /src
parentd68d3a3357c46933b604c03a8f8d6a60fa952106 (diff)
add clickjacking protection to logout page
Diffstat (limited to 'src')
-rw-r--r--src/guff.cr5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/guff.cr b/src/guff.cr
index 503fded..815c983 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -708,6 +708,11 @@ module Guff
http_only: true,
)
+ # build remaining headers
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
+ context.response.content_type = "text/html; charset=utf-8"
+ context.response.status_code = 200
+
# draw page
Views::LogoutPageView.new(@context).to_s(context.response)
else
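Review bot: The `x-frame-options` header is added only on this branch of the logout handler, so the `else` branch that begins on the hunk's last line, and any other page with state-changing controls, is not visibly covered here. Framing protection that each handler has to remember is easy to miss, so it would be safer to set the header once in a shared response path if the application has one. It is also worth sending the CSP equivalent alongside it, `context.response.headers["content-security-policy"] = "frame-ancestors 'self'"` (merged into any policy the app already sends), since current browsers prefer that directive over X-Frame-Options. If guff never frames its own pages, `"DENY"` would be the tighter value than `"SAMEORIGIN"`. The enclosing method starts and ends outside the hunk, so the coverage of the other branch is inferred rather than confirmed.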