From 4161843d41528e45af28dfbd3622d0ec7a9d4b83 Mon Sep 17 00:00:00 2001
From: Yuxuan Zhao
Date: Mon, 15 Apr 2019 10:04:11 -0600
Subject: [PATCH] add header to prevent clickjacking
---
 scripts/setup-nginx.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/setup-nginx.sh b/scripts/setup-nginx.sh
index 0090d44..bb8918f 100644
--- a/scripts/setup-nginx.sh
+++ b/scripts/setup-nginx.sh
@@ -27,6 +27,7 @@ server {
 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
 proxy_pass http://127.0.0.1:8001/api;
 proxy_redirect off;
+ add_header X-Frame-Options "SAMEORIGIN" always;
 }
 # Django admin access (/admin/)
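Review bot: The added `add_header X-Frame-Options "SAMEORIGIN" always;` sits inside the block that proxies to `http://127.0.0.1:8001/api`, so as far as this hunk shows only responses from that location carry the header. The `# Django admin access (/admin/)` block that follows, and any page-serving locations outside the hunk, are the HTML surfaces where framing matters and would not get it. nginx inherits `add_header` from an outer level only when the inner level defines none, so the directive is better declared once at `server` level and repeated in any location that sets its own headers. Consider also sending `add_header Content-Security-Policy "frame-ancestors 'self'" always;`, which current browsers prefer over X-Frame-Options. The enclosing block opens outside the hunk, so its location name is inferred from the `proxy_pass` target.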