Issue #368: fix allow i frame flag
butlerx committed Jan 31, 2022
1 parent d50615f commit 1b21d49
Showing 1 changed file with 21 additions and 21 deletions.
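--- a/src/server/socketServer/security.ts
+++ b/src/server/socketServer/security.ts
@@ -1,25 +1,25 @@
 import helmet from 'helmet';
 import type { Request, Response } from 'express';
 
-export const policies = (allowIframe: boolean) => (
-req: Request,
-res: Response,
-next: (err?: unknown) => void,
-) => {
-helmet({
-frameguard: allowIframe ? false : { action: 'sameorigin' },
-referrerPolicy: { policy: ['no-referrer-when-downgrade'] },
-contentSecurityPolicy: {
-directives: {
-defaultSrc: ["'self'"],
-scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
-styleSrc: ["'self'", "'unsafe-inline'"],
-fontSrc: ["'self'", 'data:'],
-connectSrc: [
-"'self'",
-(req.protocol === 'http' ? 'ws://' : 'wss://') + req.get('host'),
-],
+export const policies =
+(allowIframe: boolean) =>
+(req: Request, res: Response, next: (err?: unknown) => void): void => {
+const args: Record<string, unknown> = {
+referrerPolicy: { policy: ['no-referrer-when-downgrade'] },
+contentSecurityPolicy: {
+directives: {
+defaultSrc: ["'self'"],
+scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
+styleSrc: ["'self'", "'unsafe-inline'"],
+fontSrc: ["'self'", 'data:'],
+connectSrc: [
+"'self'",
+(req.protocol === 'http' ? 'ws://' : 'wss://') + req.get('host'),
+],
+},
 },
-},
-})(req, res, next);
-};
+};
+if (!allowIframe) args.frameguard = { action: 'sameorigin' };
+
+helmet(args)(req, res, next);
+};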
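Review bot: With `allowIframe` true, `args` carries no `frameguard` key at all, and helmet's documented default for an omitted `frameguard` is to send `X-Frame-Options: SAMEORIGIN`, so both values of the flag appear to produce the same header. If the flag is meant to lift the framing restriction, the option has to be switched off explicitly, e.g. `args.frameguard = allowIframe ? false : { action: 'sameorigin' };`, and a test asserting the response header for both flag values would pin the behaviour. When framing is allowed, a `frameAncestors` directive listing the expected embedding origins is a narrower control than dropping the header for every origin. Typing `args` as `Record<string, unknown>` also removes compile-time checking of the option names and shapes passed to `helmet(...)`; deriving the type from helmet's own signature would keep it.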
