From cbb8d144f05c4090972e0da3780f7b4d033b79c1 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Sat, 17 Oct 2020 11:24:44 +0200
Subject: [PATCH] Align X-Frame-Options with CSP

---
 common_config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common_config.php b/common_config.php
index 764fe37..4bc00b1 100644
--- a/common_config.php
+++ b/common_config.php
@@ -123,7 +123,7 @@ function send_headers(array $styles = []){
 	}
 	header("Content-Security-Policy: base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none'; img-src data:; style-src $style_hashes");
 	header('X-Content-Type-Options: nosniff');
-	header('X-Frame-Options: sameorigin');
+	header('X-Frame-Options: deny');
 	header('X-XSS-Protection: 1; mode=block');
 	if($_SERVER['REQUEST_METHOD'] === 'HEAD'){
 		exit; // headers sent, no further processing needed