
context: add X-Frame-Options header (#6411)

Co-authored-by: ᴜɴᴋɴᴡᴏɴ <[email protected]>
Matheus Mosca 4 years ago
parent
commit
997ba0fef0
2 changed files with 3 additions and 0 deletions
  1. 2 0
      CHANGELOG.md
  2. 1 0
      internal/context/context.go

+ 2 - 0
CHANGELOG.md

@@ -17,6 +17,8 @@ All notable changes to Gogs are documented in this file.
 
 ### Fixed
 
+- Add `X-Frame-Options` header to prevent Clickjacking. [#6409](https://github.com/gogs/gogs/issues/6409) 
+
 ### Removed
 
 - ⚠️ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
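Review bot: the new entry on the `+` line ends with a trailing space after the `[#6409](...)` link; drop it so the line matches the rest of the file. The entry also sits under `### Fixed` although it introduces a new response header; if this changelog tracks hardening separately, a `Security` heading (or an explicit "to fix a clickjacking weakness" wording) would make the classification clearer for readers scanning the release notes.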

+ 1 - 0
internal/context/context.go

@@ -289,6 +289,7 @@ func Contexter() macaron.Handler {
 		// 🚨 SECURITY: Prevent MIME type sniffing in some browsers,
 		// see https://github.com/gogs/gogs/issues/5397 for details.
 		c.Header().Set("X-Content-Type-Options", "nosniff")
+		c.Header().Set("X-Frame-Options", "DENY")
 
 		ctx.Map(c)
 	}
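Review bot: `c.Header().Set("X-Frame-Options", "DENY")` is applied to every response that passes through `Contexter()`, and `DENY` also forbids same-origin framing, so any Gogs page the application itself embeds in an iframe will stop rendering; if that is not intended, `SAMEORIGIN` keeps the clickjacking protection while still allowing same-origin embedding. The line also lacks the `// 🚨 SECURITY:` comment that the adjacent `nosniff` line carries; add one pointing at https://github.com/gogs/gogs/issues/6409 so the rationale survives future refactors. Finally, `X-Frame-Options` is the legacy mechanism that CSP `frame-ancestors` supersedes in current browsers, so consider pairing it with `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`, matching whichever `X-Frame-Options` value is chosen) in a follow-up.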