mirror of
https://github.com/moparisthebest/mail
synced 2024-11-21 16:35:04 -05:00
[WO-03-013] Fix lack of X-Frame-Options Header on Whiteout Server (Medium)
This commit is contained in:
parent
0dc04e659f
commit
e6d109d42d
@ -75,6 +75,8 @@ var development = (process.argv[2] === '--dev');
|
||||
|
||||
// set HTTP headers
|
||||
app.use(function(req, res, next) {
|
||||
// prevent rendering website in foreign iframe (Clickjacking)
|
||||
res.set('X-Frame-Options', 'SAMEORIGIN');
|
||||
// HSTS
|
||||
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
|
||||
// CSP
|
||||
|
Loading…
Reference in New Issue
Block a user