From bd2a31b7de54570b919aa1581d486e6ee18c0f64 Mon Sep 17 00:00:00 2001
From: GammaC0de <gammac0de@users.noreply.github.com>
Date: Thu, 5 Jan 2023 01:28:27 +0200
Subject: [PATCH] Add X-Frame-Options: DENY header

---
 src/pyload/webui/app/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/pyload/webui/app/__init__.py b/src/pyload/webui/app/__init__.py
index 3441f5bab0..ffdc15eeb4 100644
--- a/src/pyload/webui/app/__init__.py
+++ b/src/pyload/webui/app/__init__.py
@@ -60,11 +60,16 @@ def _configure_themes(cls, app, path_prefix=""):
     @classmethod
     def _configure_handlers(cls, app):
         """
-        Register error handlers.
+        Register app handlers.
         """
         for exc, fn in cls.FLASK_ERROR_HANDLERS:
             app.register_error_handler(exc, fn)
 
+        @app.after_request
+        def deny_iframe(response):
+            response.headers["X-Frame-Options"] = "DENY"
+            return response
+
     @classmethod
     def _configure_json_encoding(cls, app):
         app.json_encoder = JSONEncoder