Set X-Frame-Options to prevent possible clickjacking via iframe layer

Cockpit-HQ · Feb 11, 2023 · 8450bdf · 8450bdf
1 parent abbcef3
commit 8450bdf
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,8 @@
 ## WIP
 
 - Fix batch state update (when using MongoLite) #75
+- Fix min/max settings for number fields #76
+- Set X-Frame-Options to prevent possible clickjacking via iframe layer
 
 ## 2.3.8 (2023-02-04)
 

diff --git a/modules/App/admin.php b/modules/App/admin.php
@@ -140,6 +140,9 @@
  */
 $this->on('after', function() {
 
+    // prevent possible clickjacking via iframe layer
+    $this->response->headers['X-Frame-Options'] = 'SAMEORIGIN';
+
     // handle error pages
     switch ($this->response->status) {