logout.html clickjacking protection

author: Paul Duncan <pabs@pablotron.org> 2016-05-21 14:04:24 -0400
committer: Paul Duncan <pabs@pablotron.org> 2016-05-21 14:04:24 -0400
commit: 247d5d8ea030f10f82b556b67e94a088c3eb53e8 (patch)
tree: d6fd283254d44396643f6426e3e5b9ad147e1a8c /src
parent: cfbf618af7b19189f38fce2573d22e946735f0dd (diff)
download: guff-247d5d8ea030f10f82b556b67e94a088c3eb53e8.tar.bz2
guff-247d5d8ea030f10f82b556b67e94a088c3eb53e8.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/guff.cr b/src/guff.cr
index 7e826e8..d641032 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -515,6 +515,7 @@ module Guff
               context.response.status_code = 304
             else
               # not cached, set code and send headers
+              context.response.headers["x-frame-options"] = "SAMEORIGIN"
               context.response.status_code = 200
               context.response.content_type = MimeType.from_path(abs_path)
               context.response.content_length = File.size(abs_path)
author	Paul Duncan <pabs@pablotron.org>	2016-05-21 14:04:24 -0400
committer	Paul Duncan <pabs@pablotron.org>	2016-05-21 14:04:24 -0400
commit	247d5d8ea030f10f82b556b67e94a088c3eb53e8 (patch)
tree	d6fd283254d44396643f6426e3e5b9ad147e1a8c /src
parent	cfbf618af7b19189f38fce2573d22e946735f0dd (diff)
download	guff-247d5d8ea030f10f82b556b67e94a088c3eb53e8.tar.bz2 guff-247d5d8ea030f10f82b556b67e94a088c3eb53e8.zip