From a26931594c326cc96bb18724e21333bb8866d092 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 14 Jul 2022 11:53:31 +0200
Subject: [PATCH] FIX #yogosha11799

---
 htdocs/install/inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index 27a3fc01abd..6ca9a99cdcf 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -419,6 +419,7 @@ function pHeader($subtitle, $next, $action = 'set', $param = '', $forcejqueryurl
 	// We force the content charset
 	header("Content-type: text/html; charset=".$conf->file->character_set_client);
 	header("X-Content-Type-Options: nosniff");
+	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
 
 	print '<!DOCTYPE HTML>'."\n";
 	print '<html>'."\n";