Forbid iframes

This prevents clickjacking attacks.
2023-02-01 12:02:08 +01:00
parent 0827fb2c24
commit a372d7d4e7
1 changed files with 7 additions and 0 deletions
--- a/main.py
+++ b/main.py
@@ -33,6 +33,13 @@ class Role:
    MODERATOR = 1
    ADMIN = 2

+@app.after_request
+def after_request(response):
+    # This forbids other sites from embedding this site in an iframe,
+    # preventing clickjacking attacks.
+    response.headers['X-Frame-Options'] = 'DENY'
+    return response
+
@app.route('/')
 def index():
    return render_template(