diff --git a/src/pyload/webui/app/__init__.py b/src/pyload/webui/app/__init__.py index 3441f5bab0..ffdc15eeb4 100644 --- a/src/pyload/webui/app/__init__.py +++ b/src/pyload/webui/app/__init__.py @@ -60,11 +60,16 @@ def _configure_themes(cls, app, path_prefix=""): @classmethod def _configure_handlers(cls, app): """ - Register error handlers. + Register app handlers. """ for exc, fn in cls.FLASK_ERROR_HANDLERS: app.register_error_handler(exc, fn) + @app.after_request + def deny_iframe(response): + response.headers["X-Frame-Options"] = "DENY" + return response + @classmethod def _configure_json_encoding(cls, app): app.json_encoder = JSONEncoder