From da7821a3a927d556dd817e38df5d0f4340d50530 Mon Sep 17 00:00:00 2001
From: MuxZeroNet <MuxZeroNet@users.noreply.github.com>
Date: Fri, 6 Jan 2017 01:44:22 +0000
Subject: [PATCH] X-Frame-Options

---
 src/Ui/UiRequest.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index e6ddf3e6..917baeaf 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -144,6 +144,7 @@ class UiRequest(object):
         headers.append(("Keep-Alive", "max=25, timeout=30"))
         if content_type != "text/html":
             headers.append(("Access-Control-Allow-Origin", "*"))  # Allow json access on non-html files
+        headers.append(("X-Frame-Options", "SAMEORIGIN"))
         # headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts"))  # Only local connections
         if self.env["REQUEST_METHOD"] == "OPTIONS":
             # Allow json access
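Review bot: The added `X-Frame-Options` line carries no comment explaining the choice of `SAMEORIGIN`, unlike the CORS line just above it, and it is appended unconditionally, so it also goes out on non-HTML responses. I would annotate it, e.g. `headers.append(("X-Frame-Options", "SAMEORIGIN"))  # Forbid framing by other origins (clickjacking); same-origin frames stay allowed`. `SAMEORIGIN` only stops pages on a different scheme/host/port from framing these responses. If mutually untrusted content is served from this same origin (not visible in this hunk, so worth confirming), the header does not separate those pages from each other. The commented-out Content-Security-Policy line below would be the natural place for a matching `frame-ancestors 'self'` directive if that policy is ever enabled. The enclosing method starts and ends outside the hunk, so header handling on other code paths could not be checked.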