From 0babc528f0115bf1403f084f45b774858a4b94df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Z=C3=A1vora?= <pavel.zavora@bonitoo.io>
Date: Wed, 15 Jul 2020 17:56:46 +0200
Subject: [PATCH] fix(ui): add HTTP security headers (#5536)

---
 dist/dist.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dist/dist.go b/dist/dist.go
index 2c8e692e4..adad3d61f 100644
--- a/dist/dist.go
+++ b/dist/dist.go
@@ -36,6 +36,12 @@ func (b *BindataAssets) Handler() http.Handler {
 // addCacheHeaders requests an hour of Cache-Control and sets an ETag based on file size and modtime
 func (b *BindataAssets) addCacheHeaders(filename string, w http.ResponseWriter) error {
 	w.Header().Add("Cache-Control", "public, max-age=3600")
+
+	w.Header().Add("X-Frame-Options", "SAMEORIGIN")
+	w.Header().Add("X-XSS-Protection", "1; mode=block")
+	w.Header().Add("X-Content-Type-Options", "nosniff")
+	w.Header().Add("Content-Security-Policy", "script-src 'self'; object-src 'self'")
+
 	fi, err := AssetInfo(filename)
 	if err != nil {
 		return err
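Review bot: The four security headers are set inside addCacheHeaders, so they reach only responses that pass through this cache helper; any handler path that does not call it (not visible in this hunk) would be served without them, and the doc comment above the function still mentions only Cache-Control and the ETag. The new lines also use `Add`, which appends rather than replaces, so if a wrapping handler already sets one of these headers the response carries two values, and browsers are not consistent about a duplicated X-Frame-Options; `w.Header().Set("X-Frame-Options", "SAMEORIGIN")`, and likewise for the other three, avoids that. The policy string could also carry `frame-ancestors 'self'`, the CSP directive that supersedes X-Frame-Options, and `object-src 'none'` unless the UI actually embeds plugin content. The function body continues past the end of the hunk.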