From c1b1f5f58a5e02b88f807bc3352df90b3d29334d Mon Sep 17 00:00:00 2001
From: pictuga
Date: Tue, 9 Jun 2020 12:33:37 +0200
Subject: [PATCH] morss: restrict iframe use from :get to avoid abuse

---
 morss/morss.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/morss/morss.py b/morss/morss.py
index 57adc1b..74cf39c 100644
--- a/morss/morss.py
+++ b/morss/morss.py
@@ -605,7 +605,7 @@ def cgi_get(environ, start_response):
 output = req['data']
 # return html page
- headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8'}
+ headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'} # SAMEORIGIN to avoid potential abuse
 start_response(headers['status'], list(headers.items()))
 return [output]
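Review bot: The new X-Frame-Options header is attached only to the html-page `headers` dict in this hunk, so if cgi_get builds other responses in lines outside the hunk (the function starts and continues outside it), those would remain frameable and should get the same treatment, ideally from one shared place rather than per-dict. X-Frame-Options is a legacy mechanism that CSP supersedes; adding `'Content-Security-Policy': "frame-ancestors 'self'"` next to it gives equivalent protection in browsers that prefer the CSP directive, while keeping X-Frame-Options for older ones. The mixed-case key is inconsistent with the existing lowercase `'content-type'`; header names are case-insensitive on the wire, so this is style only, but one convention per dict reads better. The trailing comment should name the risk rather than "potential abuse", e.g. `# SAMEORIGIN: stop third-party sites from framing the proxied page (clickjacking)`.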