LBRYCommunity/lbry-desktop
1
0
Fork 0
Code Issues 596 Pull requests 6 Projects Releases 238 Packages Wiki Activity

decode uri before test /$/

Browse source
This commit is contained in:
zeppi 2021-02-19 09:30:28 -05:00 committed by jessopb
parent e39c6c6208
commit e2d30e708e
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/middleware/iframe-destroyer.js
View file

@ -4,8 +4,9 @@ async function iframeDestroyerMiddleware(ctx, next) {
const { const {
request: { path }, request: { path },
} = ctx; } = ctx;
const decodedPath = decodeURIComponent(path);
if (!path.startsWith(`/$/${PAGES.EMBED}`)) { if (!decodedPath.startsWith(`/$/${PAGES.EMBED}`)) {
ctx.set('X-Frame-Options', 'DENY'); ctx.set('X-Frame-Options', 'DENY');
} }