moonq/qgreper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Forbid iframes

Browse Source 
This prevents clickjacking attacks.
This commit is contained in:
David Hoppenbrouwers
2023-02-01 12:02:08 +01:00
parent 0827fb2c24
commit a372d7d4e7
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
main.py
View File

@@ -33,6 +33,13 @@ class Role:
MODERATOR = 1 MODERATOR = 1
ADMIN = 2 ADMIN = 2
@app.after_request
def after_request(response):
# This forbids other sites from embedding this site in an iframe,
# preventing clickjacking attacks.
response.headers['X-Frame-Options'] = 'DENY'
return response
@app.route('/') @app.route('/')
def index(): def index():
return render_template( return render_template(