mirror of
https://github.com/moparisthebest/mail
synced 2024-11-21 16:35:04 -05:00
[WO-03-013] Set stricter X-Frame-Options HTTP headers
parent
6216fe2f1a
commit
281e53a887
@ -76,7 +76,7 @@ var development = (process.argv[2] === '--dev');
|
||||
// set HTTP headers
|
||||
app.use(function(req, res, next) {
|
||||
// prevent rendering website in foreign iframe (Clickjacking)
|
||||
res.set('X-Frame-Options', 'SAMEORIGIN');
|
||||
res.set('X-Frame-Options', 'DENY');
|
||||
// HSTS
|
||||
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
|
||||
// CSP
|
||||
@ -88,11 +88,14 @@ app.use(function(req, res, next) {
|
||||
res.set('Cache-control', 'public, max-age=0');
|
||||
next();
|
||||
});
|
||||
|
||||
app.use('/appcache.manifest', function(req, res, next) {
|
||||
res.set('Cache-control', 'no-cache');
|
||||
next();
|
||||
});
|
||||
app.use('/tpl/read-sandbox.html', function(req, res, next) {
|
||||
res.set('X-Frame-Options', 'SAMEORIGIN');
|
||||
next();
|
||||
});
|
||||
|
||||
// redirect all http traffic to https
|
||||
app.use(function(req, res, next) {
|
||||
|
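Review bot: The `/tpl/read-sandbox.html` override that relaxes the new global `DENY` back to `SAMEORIGIN` has no comment saying why this one template may be framed, and it only takes effect because it is registered after the header middleware, so its later `res.set` replaces the earlier value. I would add a comment above it such as `// read sandbox is loaded in an iframe by the app itself; relax the global DENY to SAMEORIGIN for this template only` (assuming that is the reason, which the hunk does not show) so the exception is not widened or reordered by accident. Note also that `app.use(path, …)` matches the path as a prefix, so any URL beneath `/tpl/read-sandbox.html/` gets the relaxed header too; an exact-match route would keep the exception as narrow as intended. The redirect middleware that begins on the last line of the hunk continues outside it.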