From: Daira Hopwood <daira@jacaranda.org>
Date: Mon, 9 Feb 2015 02:27:32 +0000 (+0000)
Subject: Add "X-Frame-Options: DENY" header to all pages. refs #1455
X-Git-Url: https://git.rkrishnan.org/uri/URI:DIR2:%5B%5E?a=commitdiff_plain;h=5ff0b30e572ae12b2cdf6780cd3e403b35ab14a4;p=tahoe-lafs%2Ftahoe-lafs.git

Add "X-Frame-Options: DENY" header to all pages. refs #1455

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---

diff --git a/src/allmydata/webish.py b/src/allmydata/webish.py
index e2029fee..15ece362 100644
--- a/src/allmydata/webish.py
+++ b/src/allmydata/webish.py
@@ -44,6 +44,9 @@ class MyRequest(appserver.NevowRequest):
         self.client = self.channel.transport.getPeer()
         self.host = self.channel.transport.getHost()
 
+        # Adding security headers. These will be sent for *all* HTTP requests.
+        self.responseHeaders.setRawHeaders("X-Frame-Options", ["DENY"])
+
         # Argument processing.
 
 ##      The original twisted.web.http.Request.requestReceived code parsed the