[WebUI] Avoid clickjacking attacks

2025-12-19 15:07:22 -06:00 · 2017-02-06 20:44:57 +01:00
parent f9c39e3dac
commit f5ad04766f
2 changed files with 6 additions and 1 deletions
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@@ -103,7 +103,11 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
    request_ = request;
    env_ = env;

-    clear(); // clear response
+    // clear response
+    clear();
+
+    // avoid clickjacking attacks
+    header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");

    sessionInitialize();
    if (!sessionActive() && !isAuthNeeded())