From a49e1b5117a13318f892d8d119e1e6d2bcf99df8 Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Fri, 15 Jul 2016 11:08:11 +0200
Subject: [PATCH] Set xFrameOptions fallback

---
 src/appdb.js | 3 +++
 src/apps.js  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/appdb.js b/src/appdb.js
index 897542040..64fa70b0a 100644
--- a/src/appdb.js
+++ b/src/appdb.js
@@ -92,6 +92,9 @@ function postProcess(result) {
     result.accessRestriction = safe.JSON.parse(result.accessRestrictionJson);
     if (result.accessRestriction && !result.accessRestriction.users) result.accessRestriction.users = [];
     delete result.accessRestrictionJson;
+
+    // TODO remove later once all apps have this attribute
+    result.xFrameOptions = result.xFrameOptions || 'SAMEORIGIN';
 }
 
 function get(id, callback) {
diff --git a/src/apps.js b/src/apps.js
index a5c47bad8..90a1dd0c1 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -262,7 +262,7 @@ function getAppConfig(app) {
         accessRestriction: app.accessRestriction,
         portBindings: app.portBindings,
         memoryLimit: app.memoryLimit,
-        xFrameOptions: app.xFrameOptions,
+        xFrameOptions: app.xFrameOptions || 'SAMEORIGIN',
         altDomain: app.altDomain
     };
 }