[WO-03-013] Set stricter X-Frame-Options HTTP headers
parent
6216fe2f1a
commit
281e53a887
@ -76,7 +76,7 @@ var development = (process.argv[2] === '--dev');
|
|||||||
// set HTTP headers
|
// set HTTP headers
|
||||||
app.use(function(req, res, next) {
|
app.use(function(req, res, next) {
|
||||||
// prevent rendering website in foreign iframe (Clickjacking)
|
// prevent rendering website in foreign iframe (Clickjacking)
|
||||||
res.set('X-Frame-Options', 'SAMEORIGIN');
|
res.set('X-Frame-Options', 'DENY');
|
||||||
// HSTS
|
// HSTS
|
||||||
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
|
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
|
||||||
// CSP
|
// CSP
|
||||||
@ -88,11 +88,14 @@ app.use(function(req, res, next) {
|
|||||||
res.set('Cache-control', 'public, max-age=0');
|
res.set('Cache-control', 'public, max-age=0');
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
|
||||||
app.use('/appcache.manifest', function(req, res, next) {
|
app.use('/appcache.manifest', function(req, res, next) {
|
||||||
res.set('Cache-control', 'no-cache');
|
res.set('Cache-control', 'no-cache');
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
app.use('/tpl/read-sandbox.html', function(req, res, next) {
|
||||||
|
res.set('X-Frame-Options', 'SAMEORIGIN');
|
||||||
|
next();
|
||||||
|
});
|
||||||
|
|
||||||
// redirect all http traffic to https
|
// redirect all http traffic to https
|
||||||
app.use(function(req, res, next) {
|
app.use(function(req, res, next) {
|
||||||
|
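Review bot: The new `/tpl/read-sandbox.html` middleware relaxes the global `DENY` back to `SAMEORIGIN` without a comment saying why, so the exception reads like a leftover next to the clickjacking comment on the global header. A line such as `// read sandbox is embedded by the app in a same-origin iframe, so only this template may be framed` above its `res.set` would record the intent; that reason is inferred from the path name and should be confirmed. `app.use` with a path matches by prefix, so the relaxed header also applies to any request under `/tpl/read-sandbox.html/`, and the override only works if this middleware is registered before the handler that serves the file, which is outside the hunk. If the CSP set between the two hunks (its value is not visible here) is also meant to restrict framing, `frame-ancestors` would need the same global/exception split, since browsers that support it give it precedence over `X-Frame-Options`.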