From 997ba0fef01cc5ea69de1be7e997c7b7e184dd52 Mon Sep 17 00:00:00 2001
From: Matheus Mosca <42419282+matheusmosca@users.noreply.github.com>
Date: Wed, 11 Nov 2020 01:17:43 -0300
Subject: context: add X-Frame-Options header (#6411)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: ᴜɴᴋɴᴡᴏɴ
---
 internal/context/context.go | 1 +
 1 file changed, 1 insertion(+)
(limited to 'internal/context')
diff --git a/internal/context/context.go b/internal/context/context.go
index 55c94c59..da967b11 100644
--- a/internal/context/context.go
+++ b/internal/context/context.go
@@ -289,6 +289,7 @@ func Contexter() macaron.Handler {
 // 🚨 SECURITY: Prevent MIME type sniffing in some browsers,
 // see https://github.com/gogs/gogs/issues/5397 for details.
 c.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Header().Set("X-Frame-Options", "DENY")
 ctx.Map(c)
 }
-- cgit v1.2.3
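Review bot: The added `X-Frame-Options` line sits directly under the comment about MIME type sniffing, so that comment now reads as if it covered both headers and nothing states that the new one is a clickjacking defence. I would give it its own comment, separated from the nosniff block, e.g. `// 🚨 SECURITY: Forbid rendering pages in frames on any origin to prevent clickjacking.` `DENY` is sent on every response with no opt-out, so a deployment that frames its own pages would stop working; it is worth confirming that this is intended rather than `SAMEORIGIN` or a configurable value. Current browsers prefer `Content-Security-Policy: frame-ancestors 'none'` over this header, so sending both would cover clients on either mechanism, assuming no other CSP is set elsewhere. Contexter's body starts and ends outside the hunk.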