From 8450bdf7e1dc23e9d88adf30a2aa9101c0c41720 Mon Sep 17 00:00:00 2001
From: Artur Heinze
Date: Sat, 11 Feb 2023 01:44:16 +0100
Subject: [PATCH] Set X-Frame-Options to prevent possible clickjacking via iframe layer

---
 CHANGELOG.md          | 2 ++
 modules/App/admin.php | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b012a120..fe3827ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 ## WIP
 
 - Fix batch state update (when using MongoLite) #75
+- Fix min/max settings for number fields #76
+- Set X-Frame-Options to prevent possible clickjacking via iframe layer
 
 ## 2.3.8 (2023-02-04)
 
diff --git a/modules/App/admin.php b/modules/App/admin.php
index 4471313d..5412bdc6 100644
--- a/modules/App/admin.php
+++ b/modules/App/admin.php
@@ -140,6 +140,9 @@
      */
     $this->on('after', function() {
 
+        // prevent possible clickjacking via iframe layer
+        $this->response->headers['X-Frame-Options'] = 'SAMEORIGIN';
+
         // handle error pages
         switch ($this->response->status) {