anti-framing policy added with headers

backend/Services/Security/Security.php

@@ -89,5 +89,11 @@ class Security implements Service
                 die;
             }
         }
+
+
+        if (empty($config['allow_insecure_overlays']) || !$config['allow_insecure_overlays']) {
+            $this->response->headers->set('X-Frame-Options', 'sameorigin');
+            $this->response->headers->set('Content-Security-Policy', 'frame-ancestors \'self\'');
+        }
     }
 }

configuration_sample.php

@@ -72,6 +72,7 @@ return [
                 'csrf_key' => "123456", // randomize this
                 'ip_allowlist' => [],
                 'ip_denylist' => [],
+                'allow_insecure_overlays' => false,
             ],
         ],
         'Filegator\Services\View\ViewInterface' => [