Add "X-Frame-Options: DENY" header to all pages. refs #1455

author Daira Hopwood <daira@jacaranda.org>

Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)

committer Daira Hopwood <daira@jacaranda.org>

Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
author Daira Hopwood <daira@jacaranda.org>
Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
committer Daira Hopwood <daira@jacaranda.org>
Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
diff --git a/src/allmydata/webish.py b/src/allmydata/webish.py

index e2029feecd595ba21bf3516c880189065286569e..15ece362f7b804aab51aee2f2bf9bd93cddc8cce 100644 (file)
--- a/src/allmydata/webish.py
+++ b/src/allmydata/webish.py
@@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest):
          self.client = self.channel.transport.getPeer()
          self.host = self.channel.transport.getHost()
  
+        # Adding security headers. These will be sent for *all* HTTP requests.
+        self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"])
+
          # Argument processing.
  
  ##      The original twisted.web.http.Request.requestReceived code parsed the
author	Daira Hopwood <daira@jacaranda.org>
	Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
committer	Daira Hopwood <daira@jacaranda.org>
	Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)