Add clickjacking prevention middleware (#68)
Fix https://github.com/matrix-org/matrix-public-archive/issues/67
parent
32c77ecffe
commit
b7597b2749
|
@ -6,9 +6,11 @@ const asyncHandler = require('../lib/express-async-handler');
|
||||||
|
|
||||||
const { handleTracingMiddleware } = require('../tracing/tracing-middleware');
|
const { handleTracingMiddleware } = require('../tracing/tracing-middleware');
|
||||||
const getVersionTags = require('../lib/get-version-tags');
|
const getVersionTags = require('../lib/get-version-tags');
|
||||||
|
const preventClickjackingMiddleware = require('./prevent-clickjacking-middleware');
|
||||||
|
|
||||||
function installRoutes(app) {
|
function installRoutes(app) {
|
||||||
app.use(handleTracingMiddleware);
|
app.use(handleTracingMiddleware);
|
||||||
|
app.use(preventClickjackingMiddleware);
|
||||||
|
|
||||||
let healthCheckResponse;
|
let healthCheckResponse;
|
||||||
app.get(
|
app.get(
|
||||||
|
|
|
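Review bot: The new `app.use(preventClickjackingMiddleware);` call has no comment saying that its position matters. It only protects routes registered after it, and in this hunk it sits ahead of the first `app.get(`, so a later reorder or a route added above it would silently lose the header. I would add a comment above the call such as `// Keep before every route registration so all responses carry the anti-framing header`. The body of `installRoutes` continues outside the hunk, so the routes that follow are not visible here.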
@ -0,0 +1,10 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
// Don't allow others to iframe embed which can lead to clickjacking
|
||||||
|
function preventClickjackingMiddleware(req, res, next) {
|
||||||
|
res.set('X-Frame-Options', 'DENY');
|
||||||
|
|
||||||
|
next();
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = preventClickjackingMiddleware;
|
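Review bot: `preventClickjackingMiddleware` sets only `X-Frame-Options: DENY`, which is the legacy framing control; the current standard is the CSP `frame-ancestors` directive, and sending both covers older and newer browsers alike. Consider adding `res.append('Content-Security-Policy', "frame-ancestors 'none'");` next to the existing `res.set` call. Whether other code sets a Content-Security-Policy header is not visible on this page; a later `res.set` for that header would overwrite the appended value, so confirm that before adding the line. The comment above the function could also note that `DENY` blocks same-origin framing too, so a future embed feature would need a deliberate exception here.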