From 2e3be90054f8f7592f25843bb01a65b434b7900c Mon Sep 17 00:00:00 2001
From: Joseph Schorr <jschorr@gmail.com>
Date: Sat, 28 Dec 2013 13:28:52 -0500
Subject: [PATCH] Make sure Quay cannot be shown in frames

---
 endpoints/web.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/endpoints/web.py b/endpoints/web.py
index 82ee2bc50..63c68a8b7 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -20,7 +20,9 @@ logger = logging.getLogger(__name__)
 
 
 def render_page_template(name):
-  return render_template(name, route_data = get_route_data())
+  resp = make_response(render_template(name, route_data = get_route_data()))
+  resp.headers['X-FRAME-OPTIONS'] = 'DENY'
+  return resp
 
 
 @app.route('/', methods=['GET'], defaults={'path': ''})