From 07c3ff9710ab1a1645bdde3e116beb08e584a795 Mon Sep 17 00:00:00 2001
From: Safihre <safihre@sabnzbd.org>
Date: Wed, 7 Feb 2018 00:37:50 +0100
Subject: [PATCH] Add X-Frame-Options header to prevent click-jacking

Linked #1092
---
 SABnzbd.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/SABnzbd.py b/SABnzbd.py
index 5b52d3b..7cfd84e 100755
--- a/SABnzbd.py
+++ b/SABnzbd.py
@@ -1340,6 +1340,8 @@ def main():
                             'tools.encode.on': True,
                             'tools.gzip.on': True,
                             'tools.gzip.mime_types': mime_gzip,
+                            'tools.response_headers.on': True,
+                            'tools.response_headers.headers': [('X-Frame-Options', 'SameOrigin')],
                             'request.show_tracebacks': True,
                             'error_page.401': sabnzbd.panic.error_page_401,
                             'error_page.404': sabnzbd.panic.error_page_404