mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 22:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disable iframing of the main domain

Browse Source
This commit is contained in:
Nariman Jelveh 2024-04-22 14:09:32 -07:00
parent 874928e845
commit ef35a04c4a
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/backend/src/services/WebServerService.js
View File

@ -336,6 +336,13 @@ class WebServerService extends BaseService {
// res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp')
res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin');
// Pass to next layer of middleware
// disable iframes on the main domain
if ( req.hostname === config.domain ) {
// disable iframes
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
}
next();
});