morss: restrict iframe use from :get to avoid abuse

2020-06-09 12:33:37 +02:00
parent 985185f47f
commit c1b1f5f58a
1 changed files with 1 additions and 1 deletions
--- a/morss/morss.py
+++ b/morss/morss.py
@@ -605,7 +605,7 @@ def cgi_get(environ, start_response):
        output = req['data']

    # return html page
-    headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8'}
+    headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'} # SAMEORIGIN to avoid potential abuse
    start_response(headers['status'], list(headers.items()))
    return [output]