Merge pull request #274 from tdiary/x-frame-option_on_admin

set X-Frame-Options to SAMEORIGIN in admin pages #273
tdiary · Mar 26, 2013 · 31dde8b · 31dde8b
2 parents 916849b + 2c457f2
commit 31dde8b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/tdiary/dispatcher/update_main.rb b/tdiary/dispatcher/update_main.rb
@@ -33,7 +33,8 @@ def run
 							'Content-Type' => 'text/html',
 							'charset' => conf.encoding,
 							'Content-Length' => body.bytesize.to_s,
-							'Vary' => 'User-Agent'
+							'Vary' => 'User-Agent',
+							'X-Frame-Options' => 'SAMEORIGIN'
 						}
 					end
 					body = ( request.head? ? '' : body )