From c8a11543e8a5c837fbe554a48d9c1b4be452bf45 Mon Sep 17 00:00:00 2001
From: Daniel Maya <daniel.maya@artica.es>
Date: Mon, 18 Oct 2021 16:36:10 +0200
Subject: [PATCH] #8111 Fixed X-Frame-Options

---
 pandora_console/.htaccess | 3 +++
 pandora_console/index.php | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pandora_console/.htaccess b/pandora_console/.htaccess
index ca572f7df1..0d2cae3781 100644
--- a/pandora_console/.htaccess
+++ b/pandora_console/.htaccess
@@ -1,6 +1,9 @@
 # pandora disable listing
 Options -Indexes
 
+# Avoid clickjacking
+Header always append X-Frame-Options SAMEORIGIN
+
 <Files ~ "\.log$"> 
 Order Allow,Deny
 Deny from All
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 548991159e..d6d3be20e0 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -220,8 +220,6 @@ echo '<head>'."\n";
 // This starts the page head. In the callback function,
 // $page['head'] array content will be processed into the head.
 ob_start('ui_process_page_head');
-// Avoid clickjacking.
-header('X-Frame-Options: SAMEORIGIN');
 // Enterprise main.
 enterprise_include_once('index.php');