Express middleware to add an X-Frame-Options response header
Clone or download
Latest commit 2c6d277 May 12, 2015
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit Nov 24, 2013
.jshintignore Initial commit Nov 24, 2013
.jshintrc Initial commit Nov 24, 2013
.travis.yml Update travis versions May 12, 2015
README.md Initial commit Nov 24, 2013
example.js Add example Nov 24, 2013
index.js Initial commit Nov 24, 2013
package.json 1.0.0 May 12, 2015
test.js Initial commit Nov 24, 2013

README.md

x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

build status

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

  var express = require('express')
  var app = express()
  var xFrameOptions = require('x-frame-options')

  app.use(xFrameOptions())

  app.get('/', function (req, res) {
    res.get('X-Frame-Options') // === 'Deny'
  })

  app.listen(3000)

Usage

  var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License