[WO-03-013] Fix lack of X-Frame-Options Header on Whiteout Server (Medium)

Tankred Hase 2015-04-22 18:35:59 +02:00
parent 0dc04e659f
commit e6d109d42d
1 changed files with 2 additions and 0 deletions


@ -75,6 +75,8 @@ var development = (process.argv[2] === '--dev');
// set HTTP headers
app.use(function(req, res, next) {
// prevent rendering website in foreign iframe (Clickjacking)
res.set('X-Frame-Options', 'SAMEORIGIN');
// HSTS
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
// CSP