From 6ea9db7a5cf300e3cbf0eab7e1d6da1155a2f7f8 Mon Sep 17 00:00:00 2001
From: Chris Brame
Date: Wed, 18 May 2022 17:38:43 -0400
Subject: [PATCH] fix(core): iframe security fix
---
 src/middleware/index.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 1cb07dff3..132f84d86 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -173,6 +173,7 @@ function allowCrossDomain (req, res, next) {
 'Access-Control-Allow-Headers',
 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,accesstoken,X-RToken,X-Token'
 )
+ res.setHeader('Content-Security-Policy', "frame-ancestors 'none';")
 if (req.method === 'OPTIONS') {
 res.sendStatus(200)
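Review bot: The added `Content-Security-Policy` header in `allowCrossDomain` is the only framing control this commit sets, so browsers that do not honor `frame-ancestors` can still render the app inside a frame; pairing it with the legacy header closes that gap: `res.setHeader('X-Frame-Options', 'DENY')`. Because the line sits inside the CORS middleware, the protection covers only responses that pass through it; whether the HTML views and static assets are mounted behind `allowCrossDomain` is not visible in this hunk and is worth confirming. `res.setHeader` also replaces any `Content-Security-Policy` value set earlier in the chain, so if another middleware defines a policy the directives should be merged into one header value. The function body starts and ends outside the hunk.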