Merge pull request #491 from pi-hole/dont-frame-me

Make sure web interface can't be loaded into a frame
This commit is contained in:
Mcat12 2016-05-06 14:30:13 -04:00
commit 62dc160c65

View file

@ -46,7 +46,10 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# If the URL starts with /admin, it is the Web interface # If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" { $HTTP["url"] =~ "^/admin/" {
# Create a response header for debugging using curl -I # Create a response header for debugging using curl -I
setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) setenv.add-response-header = (
"X-Pi-hole" => "The Pi-hole Web interface is working!",
"X-Frame-Options" => "DENY"
)
} }
# If the URL does not start with /admin, then it is a query for an ad domain # If the URL does not start with /admin, then it is a query for an ad domain