From 2bf88e1ae955383cff4c64bd433f09b7ff5dfab1 Mon Sep 17 00:00:00 2001
From: Dawson Toth
Date: Wed, 13 May 2026 09:57:27 -0400
Subject: [PATCH] fix: Add CSV and frame option denials

https://harperdb.atlassian.net/browse/STUDIO-682
---
 deploy-template/fastify/static.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/deploy-template/fastify/static.js b/deploy-template/fastify/static.js
index 52d8bf1b8..1694a36d5 100644
--- a/deploy-template/fastify/static.js
+++ b/deploy-template/fastify/static.js
@@ -9,6 +9,11 @@ export default async (fastify) => {
 });
 fastify.get('/', function(req, reply) {
- reply.sendFile('index.html', { maxAge: '1m', immutable: false });
+ reply.header('Content-Security-Policy', "frame-ancestors 'none'");
+ reply.header('X-Frame-Options', 'DENY');
+ reply.sendFile('index.html', {
+ maxAge: '1m',
+ immutable: false,
+ });
 });
 };
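Review bot: The anti-framing headers are set only inside the `GET /` handler, so any other route that returns the same document (for example the static plugin answering a request for the file by its own path, or an SPA fallback) would presumably still be framable. The plugin function and the static registration begin above the hunk, so I cannot see whether those responses get headers elsewhere. Setting them once per plugin would cover every response, e.g. `fastify.addHook('onRequest', async (req, reply) => { reply.header('Content-Security-Policy', "frame-ancestors 'none'").header('X-Frame-Options', 'DENY'); });`, assuming the static plugin preserves headers already placed on the reply, which the patched handler relies on as well. A short comment on the two `reply.header` lines noting that `X-Frame-Options` is kept as the fallback for browsers that ignore `frame-ancestors` would keep a later cleanup from dropping one of them.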