decode uri before test /$/
This commit is contained in:
parent
e39c6c6208
commit
e2d30e708e
1 changed files with 2 additions and 1 deletions
|
@ -4,8 +4,9 @@ async function iframeDestroyerMiddleware(ctx, next) {
|
|||
const {
|
||||
request: { path },
|
||||
} = ctx;
|
||||
const decodedPath = decodeURIComponent(path);
|
||||
|
||||
if (!path.startsWith(`/$/${PAGES.EMBED}`)) {
|
||||
if (!decodedPath.startsWith(`/$/${PAGES.EMBED}`)) {
|
||||
ctx.set('X-Frame-Options', 'DENY');
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue