Disable framing

Set the X-Frame-Options to DENY for added security.
2025-11-01 11:35:55 +01:00 · 2013-10-11 11:08:52 +02:00
parent 6c3e121b6c
commit 73dafa6aff
1 changed files with 4 additions and 0 deletions
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -112,6 +112,10 @@ var express = require('express'),
 				app.use(function (req, res, next) {
 					nconf.set('https', req.secure);
 					res.locals.csrf_token = req.session._csrf;
+					
+					// Disable framing
+					res.setHeader "x-frame-options", "DENY"
+					
 					next();
 				});