swat: Use X-Frame-Options header to avoid clickjacking

Jann Horn reported a potential clickjacking vulnerability in SWAT where
the SWAT page could be embedded into an attacker's page using a frame or
iframe and then used to trick the user to change Samba settings.

Avoid this by telling the browser to refuse the frame embedding via the
X-Frame-Options: DENY header.

Signed-off-by: Kai Blin <kai@samba.org>

Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.

0 files changed, 0 insertions, 0 deletions