morss: restrict iframe use from :get to avoid abuse

master
pictuga 2020-06-09 12:33:37 +02:00
parent 985185f47f
commit c1b1f5f58a
1 changed files with 1 additions and 1 deletions


@ -605,7 +605,7 @@ def cgi_get(environ, start_response):
output = req['data']
# return html page
headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8'}
headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'} # SAMEORIGIN to avoid potential abuse
start_response(headers['status'], list(headers.items()))
return [output]
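Review bot: The new `headers = {...}` line restricts framing with `X-Frame-Options` only, which is the legacy mechanism; the standardized control is the CSP `frame-ancestors` directive, so I would send both, e.g. `headers['content-security-policy'] = "frame-ancestors 'self'"`. `SAMEORIGIN` still lets any page served from this origin frame the response, and `output = req['data']` is returned as `text/html` from that same origin, so if that data is fetched third-party markup (it looks like it, but the fetch is outside the hunk) the header does not stop it from running in this origin. A CSP `sandbox` directive on this response would be worth considering for that. The trailing comment would read better on its own line and name the threat, e.g. `# SAMEORIGIN: only our own pages may embed :get output, so other sites cannot iframe the proxy`. `cgi_get` starts above the hunk, so I cannot tell whether its other return paths need the same header.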