X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FMason%2FRequest.pm;h=c4520c8821743dd6353f9db9766f1b61f31716f4;hb=cad17f4aca6b4c673cb72ac7af69d9a83f406e91;hp=022ff8e8a0e1bce76c5873602e7aef85d568286a;hpb=b11528f0cbcc3c7fc6412ce0c83940382e14952a;p=freeside.git

diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 022ff8e8a..c4520c882 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,12 @@ sub freeside_setup {
             if fileno(STDOUT) != 1;
     }
 
+    if ( $HTML::Mason::Commands::r ) {
+      FS::Trace->log('    adding headers');
+      #frame-ancestors not supported by all the major browsers yet
+      $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+    }
+
     if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 
       FS::Trace->log('    handling RT REST/NoAuth file');