
Add netlify.toml configuration to set X-Frame-Options header to DENY #935

Merged
gardener-prow[bot] merged 1 commit into gardener:master from marc1404:ci/add-netlify-toml on Apr 16, 2026

Conversation

marc1404 (Member) commented Apr 14, 2026

How to categorize this PR?

/kind enhancement

What this PR does / why we need it:

Although there's (currently) no real risk from clickjacking attacks and the like, we still would like to set the X-Frame-Options: DENY header. Using Netlify, this can be done with a special _headers file in the public directory's root or with the netlify.toml file. I find the latter more explicit, and it allows for better configuration options (ref).

Which issue(s) this PR fixes:

n.a.

Special notes for your reviewer:

Once the preview has been deployed by Netlify, we can verify that the response header is set appropriately.

/cc @HeckEK @n-boshnakov

Summary by CodeRabbit

  • Chores
    • Added X-Frame-Options header configuration to apply across all application routes.

@marc1404 marc1404 requested a review from a team as a code owner April 14, 2026 12:38
@gardener-prow gardener-prow Bot requested review from HeckEK and n-boshnakov April 14, 2026 12:38
@gardener-prow gardener-prow Bot added the kind/enhancement Enhancement, improvement, extension label Apr 14, 2026
netlify bot commented Apr 14, 2026

Deploy Preview for gardener-docs ready!

Latest commit: 6059f42
Latest deploy log: https://app.netlify.com/projects/gardener-docs/deploys/69de3549b0bddc0008394788
Deploy Preview: https://deploy-preview-935--gardener-docs.netlify.app
Lighthouse
1 paths audited
Performance: 71 (🟢 up 4 from production)
Accessibility: 97 (no change from production)
Best Practices: 92 (no change from production)
SEO: 98 (no change from production)
PWA: 90 (no change from production)

@gardener-prow gardener-prow Bot added cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 14, 2026
@marc1404 marc1404 changed the title ci: Add netlify.toml configuration Add netlify.toml configuration to set X-Frame-Options header to DENY Apr 14, 2026
coderabbitai bot (Contributor) commented Apr 14, 2026

Walkthrough

A Netlify configuration file is updated to add a security header rule that applies the X-Frame-Options: DENY header to all HTTP responses across all routes, mitigating clickjacking attacks by preventing the site from being embedded in frames.

Changes

Cohort / File(s) Summary
Security Header Configuration
netlify.toml
Adds a Netlify header rule applying X-Frame-Options: DENY to all routes (/*), enforcing frame embedding restrictions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A frame so strong, a wall so high,
X-Frame-Options says "no, not I!"
Clickjackers beware, denied they'll be,
Security headers wild and free! 🔒

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description check ✅ Passed The description follows the template structure with categorization, explanation of purpose, and notes for reviewers, though the issue reference section is marked as n.a.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check ✅ Passed The title accurately describes the main change: adding a netlify.toml configuration file to set the X-Frame-Options header to DENY, which is the primary objective of this pull request.


@marc1404 marc1404 changed the title Add netlify.toml configuration to set X-Frame-Options header to DENY Add netlify.toml configuration to set X-Frame-Options header to DENY Apr 14, 2026
marc1404 (Member, Author) commented:

[Screenshot 2026-04-14 at 14 42 26]

The header is being set correctly.

klocke-io (Member) left a review comment:

/lgtm

@marc1404 thanks for pushing this

@gardener-prow gardener-prow Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 16, 2026
gardener-prow bot commented Apr 16, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: klocke-io

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

gardener-prow bot commented Apr 16, 2026

LGTM label has been added.

Git tree hash: 98ec19540d8c06b7abc77f1c3a2be2922cdd17a4

@gardener-prow gardener-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 16, 2026
@gardener-prow gardener-prow Bot merged commit d4f4e7b into gardener:master Apr 16, 2026
8 checks passed
@marc1404 marc1404 deleted the ci/add-netlify-toml branch April 16, 2026 07:48