swat: Use X-Frame-Options header to avoid clickjacking
[samba.git] / source3 / web / swat.c
index 754e3cee732fec28583b221581ba8cb118e441d4..d2bbee40c342abba0e15d464f0bb5cfeeee222a8 100644 (file)
@@ -260,7 +260,8 @@ static void print_header(void)
        if (!cgi_waspost()) {
                printf("Expires: 0\r\n");
        }
-       printf("Content-type: text/html\r\n\r\n");
+       printf("Content-type: text/html\r\n");
+       printf("X-Frame-Options: DENY\r\n\r\n");
 
        if (!include_html("include/header.html")) {
                printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");
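Review bot: The added `X-Frame-Options: DENY` line now also carries the `\r\n\r\n` that terminates the header block, and nothing in the hunk says so. A comment above it, such as `/* Forbid framing (clickjacking). Must remain the last header: it ends the header block. */`, would stop a later header from being appended after the terminator, where it would be sent as body text. For browsers that follow the CSP framing directive in preference to the legacy header, consider also emitting `printf("Content-Security-Policy: frame-ancestors 'none'\r\n");` before it. The protection covers only responses that go through print_header(); any SWAT output path that writes its own headers (none is visible in this hunk, so this needs checking) would remain frameable. print_header() starts before and continues past the hunk.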