-rw-r--r--CHANGELOG.md2
-rw-r--r--internal/context/context.go1
2 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f82ed08..29bf1764 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ All notable changes to Gogs are documented in this file.
### Fixed
+- Add `X-Frame-Options` header to prevent Clickjacking. [#6409](https://github.com/gogs/gogs/issues/6409)
+
### Removed
- ⚠️ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
diff --git a/internal/context/context.go b/internal/context/context.go
index 55c94c59..da967b11 100644
--- a/internal/context/context.go
+++ b/internal/context/context.go
@@ -289,6 +289,7 @@ func Contexter() macaron.Handler {
// 🚨 SECURITY: Prevent MIME type sniffing in some browsers,
// see https://github.com/gogs/gogs/issues/5397 for details.
c.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Header().Set("X-Frame-Options", "DENY")
ctx.Map(c)
}
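Review bot: The added `X-Frame-Options` line carries no comment, unlike the `nosniff` header directly above it which documents its purpose and issue reference; add the same kind of note so the next maintainer knows why it exists, e.g. `// 🚨 SECURITY: Forbid framing of any page to prevent clickjacking, see https://github.com/gogs/gogs/issues/6409 for details.` The value `DENY` is applied to every response that passes through this handler, so any feature that legitimately embeds a Gogs page in an iframe would stop working; if such a case exists, `SAMEORIGIN` is the less disruptive choice, otherwise `DENY` is the stricter and preferable one. Consider also emitting `Content-Security-Policy: frame-ancestors 'none'`, which current browsers honour in preference to `X-Frame-Options` when both are present. Contexter starts before this hunk, so it is not visible whether other handlers or routes bypass this middleware.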