Apache: deny framing of WebUI from different origins

There is no legitimate reason to do this. Setting header X-Frame-Options
to "sameorigin" is necessary for displaying some collectd graphs on the
WebUI.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
peter.mueller@ipfire.org
2019-11-04 18:53:00 +00:00
committed by Arne Fitzenreiter
parent 90582bb01e
commit be8afd151f
2 changed files with 2 additions and 0 deletions


@@ -23,6 +23,7 @@
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin
<Directory /srv/web/ipfire/html>
Options ExecCGI
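
Review bot: The Content-Security-Policy header two lines above the new `Header always set X-Frame-Options sameorigin` line has no `frame-ancestors` directive, and `default-src 'self'` does not act as a fallback for it, so framing is restricted only through the legacy X-Frame-Options header. Consider appending `; frame-ancestors 'self'` to that policy in the same change, which expresses the same same-origin rule in CSP and keeps X-Frame-Options as the fallback for older browsers. A short config comment noting that `sameorigin` rather than `deny` is required for the collectd graphs, as the commit message says, would keep someone from tightening it later and breaking the WebUI.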


@@ -9,6 +9,7 @@
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin
<Directory /srv/web/ipfire/html>
Options ExecCGI
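
Review bot: The block of security headers here, now including `Header always set X-Frame-Options sameorigin`, is identical line for line to the block in the other changed file, so every header change has to be made twice and the two copies can drift apart. Consider moving the shared `Header always set ...` lines into a single file pulled in by both configurations with `Include`, so a future change to the framing or CSP policy applies to both at once.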