From 5ff0b30e572ae12b2cdf6780cd3e403b35ab14a4 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Mon, 9 Feb 2015 02:27:32 +0000
Subject: [PATCH] Add "X-Frame-Options: DENY" header to all pages. refs #1455

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 src/allmydata/webish.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/allmydata/webish.py b/src/allmydata/webish.py
index e2029fee..15ece362 100644
--- a/src/allmydata/webish.py
+++ b/src/allmydata/webish.py
@@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest):
         self.client = self.channel.transport.getPeer()
         self.host = self.channel.transport.getHost()
 
+        # Adding security headers. These will be sent for *all* HTTP requests.
+        self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"])
+
         # Argument processing.
 
 ##      The original twisted.web.http.Request.requestReceived code parsed the
-- 
2.45.2