[WebUI] Avoid clickjacking attacks

2025-12-19 23:17:21 -06:00 · 2017-02-06 20:44:57 +01:00
parent 7aef9828c9
commit f9f7a8cbf2
2 changed files with 6 additions and 1 deletions
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@@ -101,7 +101,11 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
    request_ = request;
    env_ = env;

-    clear(); // clear response
+    // clear response
+    clear();
+
+    // avoid clickjacking attacks
+    header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");

    sessionInitialize();
    if (!sessionActive() && !isAuthNeeded())