From 73dafa6affa5ddb9c10a134d3f497fe983e44815 Mon Sep 17 00:00:00 2001
From: Jet
Date: Fri, 11 Oct 2013 11:08:52 +0200
Subject: [PATCH] Disable framing Set the X-Frame-Options to DENY for added security.
---
 src/webserver.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/webserver.js b/src/webserver.js
index e03e3382df..e23d9263f5 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -112,6 +112,10 @@ var express = require('express'),
 app.use(function (req, res, next) {
 nconf.set('https', req.secure);
 res.locals.csrf_token = req.session._csrf;
+
+ // Disable framing
+ res.setHeader "x-frame-options", "DENY"
+
 next();
 });
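Review bot: The added call `res.setHeader "x-frame-options", "DENY"` has no parentheses, which is not valid JavaScript, so src/webserver.js would fail to parse as written and the header would never be sent. It should read `res.setHeader('X-Frame-Options', 'DENY');`. The header is set inside this one `app.use` callback, so it only reaches responses that pass through it. Anything answered by middleware registered earlier, which this hunk does not show, would go out without it, so the ordering is worth checking. `DENY` also blocks same-origin framing, so if any page of the application is embedded in an iframe by the application itself, `SAMEORIGIN` would be the value to use.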