Merged #166 "Fix XRF vulnerability"

src/main/java/com/gitblit/wicket/pages/BasePage.java

@@ -166,6 +166,9 @@ public abstract class BasePage extends SessionPage {
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**