From 247d5d8ea030f10f82b556b67e94a088c3eb53e8 Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Sat, 21 May 2016 14:04:24 -0400
Subject: logout.html clickjacking protection

---
 src/guff.cr | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/guff.cr b/src/guff.cr
index 7e826e8..d641032 100644
--- a/src/guff.cr
+++ b/src/guff.cr
@@ -515,6 +515,7 @@ module Guff
 context.response.status_code = 304
 else
 # not cached, set code and send headers
+ context.response.headers["x-frame-options"] = "SAMEORIGIN"
 context.response.status_code = 200
 context.response.content_type = MimeType.from_path(abs_path)
 context.response.content_length = File.size(abs_path)
-- 
cgit v1.2.3
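Review bot: The `x-frame-options` header is set only inside the `else` (200) branch, so the 304 branch at the top of the hunk sends no framing policy. A browser revalidating a copy of logout.html cached before this change will probably keep the stored headers, leaving the page frameable until that cache entry is replaced. Moving `context.response.headers["x-frame-options"] = "SAMEORIGIN"` above the conditional would cover both responses; the conditional and its enclosing method start outside the hunk, so the exact spot has to be confirmed there. Because the branch serves any `abs_path`, the comment could be widened to `# not cached, set code and send headers (x-frame-options applies to every file served here)`. A `Content-Security-Policy: frame-ancestors 'self'` header next to it would give the same protection through the standardized mechanism.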