From 9ba19df9be29359a86aada80311f725fec5dba85 Mon Sep 17 00:00:00 2001
From: Dan Ramich
Date: Fri, 15 Feb 2019 16:08:09 -0700
Subject: [PATCH] Add Frame-Options header

Problem: Frame-Options header is not being set, this is a potential secutiry issue
Solution: Set the header "X-Frame-Options:deny"
---
 api/writer/html.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/writer/html.go b/api/writer/html.go
index c77adefb..c908d016 100644
--- a/api/writer/html.go
+++ b/api/writer/html.go
@@ -42,6 +42,7 @@ type HTMLResponseWriter struct {
 func (h *HTMLResponseWriter) start(apiContext *types.APIContext, code int, obj interface{}) {
 AddCommonResponseHeader(apiContext)
 apiContext.Response.Header().Set("content-type", "text/html")
+ apiContext.Response.Header().Set("X-Frame-Options", "deny")
 apiContext.Response.WriteHeader(code)
 }
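Review bot: The added `X-Frame-Options` line in `start` relies only on the legacy header and only covers responses written by `HTMLResponseWriter`. Browsers that implement CSP give `frame-ancestors` precedence over `X-Frame-Options`, so I would send both, e.g. `apiContext.Response.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")` next to the new line, provided no other code already sets a CSP that `Set` would overwrite. `AddCommonResponseHeader` is not visible in this hunk, but if it is the shared path for every writer, placing the framing headers there would presumably cover the other response types as well; please confirm. It is also worth checking that no first-party UI loads these pages in a same-origin iframe, since `deny` blocks that too, in which case `sameorigin` with `frame-ancestors 'self'` would be the fallback.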