From a8d915b86b426224c6268e7e9efc6672ce46a0d8 Mon Sep 17 00:00:00 2001
From: skublik <lskublik@evolveum.com>
Date: Wed, 20 Mar 2019 15:39:35 +0100
Subject: [PATCH] MID-5216

---
 .../java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
index dbfdc41e8ef..4b11a07cba1 100644
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
@@ -155,6 +155,7 @@ protected void configure(HttpSecurity http) throws Exception {
         }
 
         http.headers().disable();
+        http.headers().frameOptions().deny();
 
         if (Arrays.stream(environment.getActiveProfiles()).anyMatch(p -> p.equalsIgnoreCase("cas"))) {
             http.addFilterAt(casFilter(), CasAuthenticationFilter.class);