From: Daira Hopwood Date: Mon, 9 Feb 2015 02:27:32 +0000 (+0000) Subject: Add "X-Frame-Options: DENY" header to all pages. refs #1455 X-Git-Url: https://git.rkrishnan.org/frontends/configuration.rst?a=commitdiff_plain;h=refs%2Fheads%2F1455.x-frame-options.1;p=tahoe-lafs%2Ftahoe-lafs.git Add "X-Frame-Options: DENY" header to all pages. refs #1455 Signed-off-by: Daira Hopwood --- diff --git a/src/allmydata/webish.py b/src/allmydata/webish.py index e2029fee..15ece362 100644 --- a/src/allmydata/webish.py +++ b/src/allmydata/webish.py @@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest): self.client = self.channel.transport.getPeer() self.host = self.channel.transport.getHost() + # Adding security headers. These will be sent for *all* HTTP requests. + self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"]) + # Argument processing. ## The original twisted.web.http.Request.requestReceived code parsed the