decode uri before test /$/

This commit is contained in:
zeppi 2021-02-19 09:30:28 -05:00 committed by jessopb
parent e39c6c6208
commit e2d30e708e

View file

@ -4,8 +4,9 @@ async function iframeDestroyerMiddleware(ctx, next) {
const {
request: { path },
} = ctx;
const decodedPath = decodeURIComponent(path);
if (!path.startsWith(`/$/${PAGES.EMBED}`)) {
if (!decodedPath.startsWith(`/$/${PAGES.EMBED}`)) {
ctx.set('X-Frame-Options', 'DENY');
}