Add `x-frame-options` response header to PSR-7 responses in RequestHandler

diff --git a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
index 252ed5c7b6c5e56c3266dc214a7b5aa4ccb05092..44a316117e07a87d95f530e8e19dd72cbaf5f494 100644 (file)
--- a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
+++ b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php
@@ -145,6 +145,8 @@ class RequestHandler extends SingletonFactory
             \implode(', ', $cacheControl)
         );
 
+        $response->withHeader('x-frame-options', 'SAMEORIGIN');
+
         $emitter = new SapiEmitter();
         $emitter->emit($response);
     }