fix: introduce X-Frame-Options header to prevent clickjacking

2024-11-22 07:01:28 +00:00 · 2021-10-13 08:58:40 +05:30 · 2021-10-13 08:58:40 +05:30 · b3e9df4f3d
commit b3e9df4f3d
parent 3b8cf4a60a
1 changed files with 6 additions and 0 deletions
--- a/netlify.toml
+++ b/netlify.toml
@ -7,6 +7,12 @@
  publish = "packages/hoppscotch-app/dist"
  command = "npx pnpm i --store=node_modules/.pnpm-store && npx pnpm run generate"

+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"
+
 [[redirects]]
  from = "/discord"
  to = "https://discord.gg/GAMWxmR"