From 10fd34098d43a6a2d9878564443fc55df423032d Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Sat, 21 May 2016 13:47:11 -0400
Subject: add clickjacking protection to logout page
---
 src/guff.cr | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/guff.cr b/src/guff.cr
index 503fded..815c983 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -708,6 +708,11 @@ module Guff
 http_only: true,
 )
 
+ # build remaining headers
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
+ context.response.content_type = "text/html; charset=utf-8"
+ context.response.status_code = 200
+
 # draw page
 Views::LogoutPageView.new(@context).to_s(context.response)
 else
-- 
cgit v1.2.3
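Review bot: The frame restriction is set only inside this one branch, so the `else` branch that opens on the hunk's last line, and any other handler that renders HTML, may still be frameable; the visible lines do not show whether they set the header. Setting it in one shared place that every HTML response passes through would keep later pages from missing it. Browsers that support CSP give `frame-ancestors` precedence over `x-frame-options`, so, provided no policy is already set elsewhere, I would add `context.response.headers["content-security-policy"] = "frame-ancestors 'self'"` beside the new header line, and use `"DENY"` instead of `"SAMEORIGIN"` if the application never embeds the logout page itself. The enclosing method starts and ends outside the hunk.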