From 5ff0b30e572ae12b2cdf6780cd3e403b35ab14a4 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Mon, 9 Feb 2015 02:27:32 +0000 Subject: [PATCH] Add "X-Frame-Options: DENY" header to all pages. refs #1455 Signed-off-by: Daira Hopwood --- src/allmydata/webish.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/allmydata/webish.py b/src/allmydata/webish.py index e2029fee..15ece362 100644 --- a/src/allmydata/webish.py +++ b/src/allmydata/webish.py @@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest): self.client = self.channel.transport.getPeer() self.host = self.channel.transport.getHost() + # Adding security headers. These will be sent for *all* HTTP requests. + self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"]) + # Argument processing. ## The original twisted.web.http.Request.requestReceived code parsed the -- 2.45.2