]> git.rkrishnan.org Git - tahoe-lafs/tahoe-lafs.git/commitdiff
Add "X-Frame-Options: DENY" header to all pages. refs #1455 1455.x-frame-options.1
authorDaira Hopwood <daira@jacaranda.org>
Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
committerDaira Hopwood <daira@jacaranda.org>
Mon, 9 Feb 2015 02:27:32 +0000 (02:27 +0000)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
src/allmydata/webish.py

index e2029feecd595ba21bf3516c880189065286569e..15ece362f7b804aab51aee2f2bf9bd93cddc8cce 100644 (file)
@@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest):
         self.client = self.channel.transport.getPeer()
         self.host = self.channel.transport.getHost()
 
+        # Adding security headers. These will be sent for *all* HTTP requests.
+        self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"])
+
         # Argument processing.
 
 ##      The original twisted.web.http.Request.requestReceived code parsed the