fix(core): iframe security fix

polonel · May 18, 2022 · 6ea9db7 · 6ea9db7
1 parent b6f465f
commit 6ea9db7
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/middleware/index.js b/src/middleware/index.js
@@ -173,6 +173,7 @@ function allowCrossDomain (req, res, next) {
     'Access-Control-Allow-Headers',
     'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,accesstoken,X-RToken,X-Token'
   )
+  res.setHeader('Content-Security-Policy', "frame-ancestors 'none';")
 
   if (req.method === 'OPTIONS') {
     res.sendStatus(200)