@ -43,6 +43,7 @@ namespace Http
const QString HEADER_CONTENT_ENCODING = "Content-Encoding";
const QString HEADER_CONTENT_LENGTH = "Content-Length";
const QString HEADER_CACHE_CONTROL = "Cache-Control";
const QString HEADER_X_FRAME_OPTIONS = "X-Frame-Options";
const QString CONTENT_TYPE_CSS = "text/css; charset=UTF-8";
const QString CONTENT_TYPE_GIF = "image/gif";
@ -103,7 +103,11 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
request_ = request;
env_ = env;
clear(); // clear response
// clear response
clear();
// avoid clickjacking attacks
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
sessionInitialize();
if (!sessionActive() && !isAuthNeeded())