From 9678a1d4b2133141eb1f70e497a6329aff0ad531 Mon Sep 17 00:00:00 2001
From: David McMullin
Date: Sun, 18 Nov 2012 09:55:10 +0000
Subject: [PATCH] add x-frame headers
---
 Gemfile | 4 ++++
 config.ru | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/Gemfile b/Gemfile
index 436f67c67..912c67abd 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,6 +12,10 @@ gem 'rails_autolink', '1.0.9' gem 'rack-cors', '0.2.7', :require => 'rack/cors' +# click-jacking protection + +gem 'rack-protection', '1.2' + # authentication gem 'devise', '2.1.2'
diff --git a/config.ru b/config.ru
index bd250d89b..9603dbba3 100644
--- a/config.ru
+++ b/config.ru
@@ -14,4 +14,6 @@ if defined?(Unicorn)
 end
 use Rack::Deflater
 use Rack::ChromeFrame, :minimum => 8
+use Rack::Protection::FrameOptions
+
 run Diaspora::Application
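Review bot: Gemfile.lock is not part of this commit even though the Gemfile hunk adds `gem 'rack-protection', '1.2'`; the diffstat lists only Gemfile and config.ru. If the lockfile is tracked in this repository, a frozen or deployment-mode `bundle install` will refuse the mismatch. The resolved version of a security middleware is best recorded in the same commit that introduces it. The lockfile may have been updated separately; if not, regenerate it and include it here.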
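Review bot: In config.ru, `use Rack::Protection::FrameOptions` relies on the middleware's default policy, so the commit never states which X-Frame-Options value the application is meant to send. Passing it explicitly, `use Rack::Protection::FrameOptions, :frame_options => :sameorigin`, with a comment such as `# send X-Frame-Options on HTML responses so pages cannot be framed cross-origin (click-jacking)`, makes the intent reviewable and keeps behaviour stable if the gem's default changes. As far as I recall, the middleware leaves an already-set header untouched and skips non-HTML responses, so any endpoint that must be embeddable elsewhere needs a deliberate per-response override rather than an accidental one. A request spec asserting the header on a rendered page would keep this protection from silently regressing.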