From 8c82c7077b043cabe145ade8e77e9b0c5c8fff0e Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Mon, 13 Oct 2025 12:03:52 -0700
Subject: [PATCH] Security - Add headers for X-Frame-Options and
 Content-Security-Policy (#7564)

---
 resources/require.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/resources/require.php b/resources/require.php
index 71f46666b1..7d8477d26d 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -88,6 +88,10 @@
 	global $database;
 	$database = database::new(['config' => $config]);
 
+//security headers
+	header("X-Frame-Options: SAMEORIGIN");
+	header("Content-Security-Policy: frame-ancestors 'self';");
+
 //start the session if not using the command line
 	global $no_session;
 	if (!defined('STDIN') && empty($no_session)) {