From a48135a60dccd40cc47ce5277ddb2d65d7487010 Mon Sep 17 00:00:00 2001
From: Athou <jeremiepanzer@gmail.com>
Date: Thu, 14 Jul 2022 13:46:08 +0200
Subject: [PATCH] send X-Frame-Options header with value "DENY"

---
 pom.xml                                               |  5 +++++
 src/main/java/com/commafeed/CommaFeedApplication.java | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/pom.xml b/pom.xml
index 7f085a5b..e494704c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -316,6 +316,11 @@
 			<groupId>io.dropwizard.metrics</groupId>
 			<artifactId>metrics-json</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>io.dropwizard.modules</groupId>
+			<artifactId>dropwizard-web</artifactId>
+			<version>1.5.0</version>
+		</dependency>
 
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
diff --git a/src/main/java/com/commafeed/CommaFeedApplication.java b/src/main/java/com/commafeed/CommaFeedApplication.java
index 1a90f0a8..fa007cf8 100644
--- a/src/main/java/com/commafeed/CommaFeedApplication.java
+++ b/src/main/java/com/commafeed/CommaFeedApplication.java
@@ -61,6 +61,8 @@ import io.dropwizard.server.DefaultServerFactory;
 import io.dropwizard.servlets.CacheBustingFilter;
 import io.dropwizard.setup.Bootstrap;
 import io.dropwizard.setup.Environment;
+import io.dropwizard.web.WebBundle;
+import io.dropwizard.web.conf.WebConfiguration;
 
 public class CommaFeedApplication extends Application<CommaFeedConfiguration> {
 
@@ -96,6 +98,15 @@ public class CommaFeedApplication extends Application<CommaFeedConfiguration> {
 			}
 		});
 
+		bootstrap.addBundle(new WebBundle<CommaFeedConfiguration>() {
+			@Override
+			public WebConfiguration getWebConfiguration(CommaFeedConfiguration configuration) {
+				WebConfiguration config = new WebConfiguration();
+				config.getFrameOptionsHeaderFactory().setEnabled(true);
+				return config;
+			}
+		});
+
 		bootstrap.addBundle(new AssetsBundle("/assets/", "/", "index.html"));
 		bootstrap.addBundle(new MultiPartBundle());
 	}