Diffstat (limited to 'samples/OAuthAuthorizationServer/Controllers/OAuthController.cs')
-rw-r--r--samples/OAuthAuthorizationServer/Controllers/OAuthController.cs1
1 files changed, 1 insertions, 0 deletions
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
index a67c57b..9d2f6e9 100644
--- a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -36,6 +36,7 @@
/// </summary>
/// <returns>The browser HTML response that prompts the user to authorize the client.</returns>
[Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
+ [HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
public ActionResult Authorize() {
var pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null) {
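Review bot: `SAMEORIGIN` on the new attribute line is more permissive than the consent page needs; nothing in the hunk suggests the authorization prompt is ever legitimately framed, and an authorization server's own pages are exactly where a same-origin frame could still be abused, so `DENY` is the safer default: `[HttpHeader("x-frame-options", "DENY")] // mitigates clickjacking: the consent page must never be framed`. The header is also only attached to `Authorize()`; if the error and post-consent views rendered from this controller can also be framed, the attribute is presumably better placed on the controller class so every response carries it — confirm against the other actions. The trailing comment should say why this endpoint specifically needs the header (the user grants consent here), not just name the attack. `HttpHeader` looks like a sample-local filter rather than a framework attribute, so its behaviour on non-HTML responses (redirects) should be checked too. The body of `Authorize()` continues outside the hunk.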