deny iframes of for non embed pages

Sean Yesmunt 2021-02-18 16:57:52 -05:00
parent b231b1a51f
commit 675cb3119d
2 changed files with 17 additions and 0 deletions


@ -6,6 +6,7 @@ const logger = require('koa-logger');
const router = require('./src/routes');
const redirectMiddleware = require('./middleware/redirect');
const cacheControlMiddleware = require('./middleware/cache-control');
const iframeDestroyerMiddleware = require('./middleware/iframe-destroyer');
const app = new Koa();
const DIST_ROOT = path.resolve(__dirname, 'dist');
@ -25,6 +26,7 @@ app.use(async (ctx, next) => {
app.use(logger());
app.use(cacheControlMiddleware);
app.use(redirectMiddleware);
app.use(iframeDestroyerMiddleware);
app.use(serve(DIST_ROOT)); // Check if the request url matches any assets inside of /dist
app.use(router.routes());
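Review bot: `app.use(iframeDestroyerMiddleware)` is registered after `cacheControlMiddleware` and `redirectMiddleware`, so any response those middlewares finish without calling `next()` goes out without `X-Frame-Options`. The same applies to the earlier `app.use(async (ctx, next) => …)` handler named in the hunk header. None of their bodies are visible here, so this needs confirming, but moving the registration to just after `app.use(logger());` would make header coverage independent of what they do. A short comment such as `// Clickjacking defence: keep ahead of any middleware that can end the response` would stop the ordering from regressing.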


@ -0,0 +1,15 @@
const PAGES = require('../../ui/constants/pages');
async function iframeDestroyerMiddleware(ctx, next) {
const {
request: { path },
} = ctx;
if (!path.startsWith(`/$/${PAGES.EMBED}`)) {
ctx.set('X-Frame-Options', 'DENY');
}
return next();
}
module.exports = iframeDestroyerMiddleware;
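Review bot: The embed exemption in `iframeDestroyerMiddleware` is a bare prefix test, so every path that merely begins with the same characters as `/$/${PAGES.EMBED}` is left framable, not only the embed route and its children. Anchoring the match on a path boundary keeps the allow-list as narrow as intended: `const embedRoot = \`/$/${PAGES.EMBED}\`;` followed by `if (path !== embedRoot && !path.startsWith(\`${embedRoot}/\`)) {`. `X-Frame-Options` is the legacy control, so consider also sending `Content-Security-Policy: frame-ancestors 'none'` on the same branch, provided no other layer already sets a CSP header that this would clash with. The function has no comment; a one-line note saying that embed pages are deliberately exempt because they are meant to be loaded in third-party frames would explain the condition to the next reader.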