From c1b1f5f58a5e02b88f807bc3352df90b3d29334d Mon Sep 17 00:00:00 2001
From: pictuga <contact@pictuga.com>
Date: Tue, 9 Jun 2020 12:33:37 +0200
Subject: [PATCH] morss: restrict iframe use from :get to avoid abuse

---
 morss/morss.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/morss/morss.py b/morss/morss.py
index 57adc1b..74cf39c 100644
--- a/morss/morss.py
+++ b/morss/morss.py
@@ -605,7 +605,7 @@ def cgi_get(environ, start_response):
         output = req['data']
 
     # return html page
-    headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8'}
+    headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'} # SAMEORIGIN to avoid potential abuse
     start_response(headers['status'], list(headers.items()))
     return [output]