From ef031d40bd4c2d6f20b6543176a5cb18405c0be1 Mon Sep 17 00:00:00 2001
From: Jorge Merlino <jorge.merlino@canonical.com>
Date: Sat, 31 Aug 2024 20:31:29 -0300
Subject: [PATCH] Set X-Frame-Options header to sameorigin

If this header is set to deny, then operations cannot be performed from
the network topology page as the <svg> tag is a kind of <embed> and
access is restricted from there. Setting it to sameorigin allows
operations from the network topology page as long as they belong to the
same web application (same origin).
Related-Bug: #2077024

Change-Id: Ifcc9725bad34178a3eb606e9f822d2a68f5bf987
---
 templates/default | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/default b/templates/default
index 4a4c38a3..f5cac563 100644
--- a/templates/default
+++ b/templates/default
@@ -36,4 +36,5 @@
 
         KeepAliveTimeout 75
         MaxKeepAliveRequests 1000
+        Header set X-Frame-Options: "sameorigin"
 </VirtualHost>