From 203243467675e85b8b479c778e44ae1aac8bad55 Mon Sep 17 00:00:00 2001
From: Brady Miller <brady.g.miller@gmail.com>
Date: Sun, 24 Jul 2022 13:26:54 -0700
Subject: [PATCH] bug fix e2

---
 interface/login/login.php | 4 ++++
 portal/index.php          | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/interface/login/login.php b/interface/login/login.php
index d05323c1a41..cd2f1173856 100644
--- a/interface/login/login.php
+++ b/interface/login/login.php
@@ -25,6 +25,10 @@
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
+// prevent UI redressing
+Header("X-Frame-Options: DENY");
+Header("Content-Security-Policy: frame-ancestors 'none'");
+
 use OpenEMR\Common\Twig\TwigContainer;
 use OpenEMR\Services\FacilityService;
 
diff --git a/portal/index.php b/portal/index.php
index 9d599e3ef08..33755b8193b 100644
--- a/portal/index.php
+++ b/portal/index.php
@@ -16,6 +16,10 @@
  * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
  */
 
+// prevent UI redressing
+Header("X-Frame-Options: DENY");
+Header("Content-Security-Policy: frame-ancestors 'none'");
+
 //setting the session & other config options
 
 // Will start the (patient) portal OpenEMR session/cookie.