From ffc59395ca4b804e05cc0676608b6f27c2d36cc0 Mon Sep 17 00:00:00 2001
From: Mike McKay <mfmckay@wustl.edu>
Date: Fri, 19 Feb 2016 18:57:20 +0000
Subject: [PATCH] Fixed iframes.

---
 src/main/webapp/WEB-INF/conf/xnat-security.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/webapp/WEB-INF/conf/xnat-security.xml b/src/main/webapp/WEB-INF/conf/xnat-security.xml
index 538b3761..9efc1436 100644
--- a/src/main/webapp/WEB-INF/conf/xnat-security.xml
+++ b/src/main/webapp/WEB-INF/conf/xnat-security.xml
@@ -87,6 +87,10 @@
         <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
         <security:custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />
         <security:session-management session-authentication-strategy-ref="sas"/>
+        <security:headers>
+            <security:frame-options policy="SAMEORIGIN" />
+            <security:hsts disabled="true"/>
+        </security:headers>
     </security:http>
 
     <bean class="org.nrg.xnat.security.FilterSecurityInterceptorBeanPostProcessor">
-- 
GitLab