Bugfix, setting properly X-Frame-Options (#2977)

* Bugfix, setting properly X-Frame-Options * Added Changelog.md * Update CHANGELOG.md * Fixed Changelog.md * fix(backend): Organize code in plugin backend setup
wazuh · Feb 18, 2021 · 141b434 · 141b434
1 parent 2cdf55c
commit 141b434
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,11 +4,15 @@ All notable changes to the Wazuh app project will be documented in this file.
 
 ## Wazuh v4.1.1 - Kibana 7.10.0 , 7.10.2 - Revision 4102
 
+### Added
+
+- Added a X-Frame-Options header to the backend responses [#2977](https://github.com/wazuh/wazuh-kibana-app/pull/2977)
+
 ### Fixed
 
 - Fix the statusCode error message [#2971](https://github.com/wazuh/wazuh-kibana-app/pull/2971)
 - Fix the SCA policy stats didn't refresh [#2973](https://github.com/wazuh/wazuh-kibana-app/pull/2973)
-- Fixed some date fields format in FIM and SCA modules [#2975](https://github.com/wazuh/wazuh-kibana-app/pull/2975)
+- Fix some date fields format in FIM and SCA modules [#2975](https://github.com/wazuh/wazuh-kibana-app/pull/2975)
 
 ## Wazuh v4.1.0 - Kibana 7.10.0 , 7.10.2 - Revision 4101
 

diff --git a/server/plugin.ts b/server/plugin.ts
@@ -94,6 +94,14 @@ export class WazuhPlugin implements Plugin<WazuhPluginSetup, WazuhPluginStart> {
       };
     });
 
+    // Add custom headers to the responses
+    core.http.registerOnPreResponse((request, response, toolkit) => {
+      const additionalHeaders = {
+        'x-frame-options': 'sameorigin',
+      };
+      return toolkit.next({ headers: additionalHeaders });
+    });
+
     // Routes
     const router = core.http.createRouter();
     setupRoutes(router);