Express middleware to add an X-Frame-Options response header
JavaScript
Switch branches/tags
Nothing to show
Latest commit 2c6d277 May 12, 2015 @domharrington 1.0.0
Permalink
Failed to load latest commit information.
.gitignore
.jshintignore
.jshintrc
.travis.yml
README.md
example.js
index.js
package.json
test.js

README.md

x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

build status

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

  var express = require('express')
  var app = express()
  var xFrameOptions = require('x-frame-options')

  app.use(xFrameOptions())

  app.get('/', function (req, res) {
    res.get('X-Frame-Options') // === 'Deny'
  })

  app.listen(3000)

Usage

  var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License