From 00e89cd33eda98be288d5d8a2d5933cb972f4338 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Tue, 28 Apr 2020 13:08:23 -0700
Subject: [PATCH] adding security headers to call chain
---
 src/core/class.application.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/core/class.application.php b/src/core/class.application.php
index 3bd1ddcc1..b32c67864 100644
--- a/src/core/class.application.php
+++ b/src/core/class.application.php
@@ -53,6 +53,8 @@ public function start()
 //Override theme settings
 $this->overrideThemeSettings();
+ $this->loadHeaders();
+ ob_start();
 if($this->login->logged_in()===false) {
@@ -94,6 +96,12 @@ public function start()
 }
+ public function loadHeaders() {
+ header('X-Frame-Options: SAMEORIGIN');
+ header('X-XSS-Protection: 1; mode=block');
+ header('X-Content-Type-Options: nosniff');
+ }
+
 public function overrideThemeSettings() {
 if(isset($_SESSION["companysettings.logoPath"]) === false) {
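Review bot: The `$this->loadHeaders()` call in `start()` covers only responses rendered through this method, and nothing at the call site records that limit. If the application has other entry points (file downloads, API endpoints, assets served directly by the web server; none are visible in this patch), those responses would go out without `X-Content-Type-Options: nosniff`, which matters most for user-supplied files. I would add a comment above the call, for example `// Security headers: only responses that pass through start() get these; downloads and static files must be covered by the web server config`, and check the remaining entry points. `start()` begins and ends outside this hunk.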
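Review bot: `header('X-XSS-Protection: 1; mode=block');` in the new `loadHeaders()` enables the legacy browser XSS auditor, which current browsers no longer implement and which introduced its own weaknesses in the older browsers that did. Current OWASP guidance is to send `header('X-XSS-Protection: 0');` and rely on a Content-Security-Policy instead. Alongside `X-Frame-Options: SAMEORIGIN` I would also send `header("Content-Security-Policy: frame-ancestors 'self'");`, the standardised replacement for that header, unless a policy is already set elsewhere in the application. Within this patch the method is called only from `start()`, so it could be `private`, and it would benefit from a short docblock naming the headers it sets and what each one defends against.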