Add within_iframe_secure_headers (#16)

jackalcooper · Mar 19, 2024 · 9bbb02c · 9bbb02c
1 parent a8bbcfb
commit 9bbb02c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -33,16 +33,19 @@ if config_env() == :prod do
       You can generate one by calling: mix phx.gen.secret
       """
 
-  host = System.get_env("PHX_HOST")
   phx_port = System.get_env("PHX_PORT")
   scheme = System.get_env("PHX_SCHEME")
   check_origin = System.get_env("PHX_CHECK_ORIGIN") in ~w{1 true True}
   port = String.to_integer(System.get_env("PORT") || "4000")
 
   config :live_xl, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 
+  if host = System.get_env("PHX_HOST") do
+    config :live_xl, LiveXLWeb.Endpoint,
+      url: [host: host || "example.com", port: phx_port || 443, scheme: scheme || "https"]
+  end
+
   config :live_xl, LiveXLWeb.Endpoint,
-    url: [host: host || "example.com", port: phx_port || 443, scheme: scheme || "https"],
     http: [
       # Enable IPv6 and bind on all interfaces.
       # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.

diff --git a/lib/live_xl_web/router.ex b/lib/live_xl_web/router.ex
@@ -8,6 +8,7 @@ defmodule LiveXLWeb.Router do
     plug :put_root_layout, html: {LiveXLWeb.Layouts, :root}
     plug :protect_from_forgery
     plug :put_secure_browser_headers
+    plug :within_iframe_secure_headers
   end
 
   pipeline :api do
@@ -47,4 +48,8 @@ defmodule LiveXLWeb.Router do
       forward "/mailbox", Plug.Swoosh.MailboxPreview
     end
   end
+
+  defp within_iframe_secure_headers(conn, _opts) do
+    delete_resp_header(conn, "x-frame-options")
+  end
 end