lbry-desktop/web/middleware/iframe-destroyer.js

const PAGES = require('../../ui/constants/pages');

async function iframeDestroyerMiddleware(ctx, next) {
  const {
    request: { path },
  } = ctx;
  const decodedPath = decodeURIComponent(path);

  if (!(decodedPath.startsWith(`/$/${PAGES.EMBED}`) || decodedPath.startsWith(`/$/api/content/v1/get`))) {
    ctx.set('X-Frame-Options', 'DENY');
  }

  return next();
}

module.exports = iframeDestroyerMiddleware;
deny iframes of for non embed pages 2021-02-18 22:57:52 +01:00			`const PAGES = require('../../ui/constants/pages');`

			`async function iframeDestroyerMiddleware(ctx, next) {`
			`const {`
			`request: { path },`
			`} = ctx;`
decode uri before test /$/ 2021-02-19 15:30:28 +01:00			`const decodedPath = decodeURIComponent(path);`
deny iframes of for non embed pages 2021-02-18 22:57:52 +01:00
Fix logic 2022-03-03 16:23:40 +01:00			if (!(decodedPath.startsWith(`/$/${PAGES.EMBED}`) \|\| decodedPath.startsWith(`/$/api/content/v1/get`))) {
deny iframes of for non embed pages 2021-02-18 22:57:52 +01:00			`ctx.set('X-Frame-Options', 'DENY');`
			`}`

			`return next();`
			`}`

			`module.exports = iframeDestroyerMiddleware;`