From 9bbb02c06a863a64acf8649a7aab992844b6eefe Mon Sep 17 00:00:00 2001 From: Shenghang Tsai Date: Tue, 19 Mar 2024 14:32:12 +0800 Subject: [PATCH] Add within_iframe_secure_headers (#16) --- config/runtime.exs | 7 +++++-- lib/live_xl_web/router.ex | 5 +++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/config/runtime.exs b/config/runtime.exs index ecbabfe..924e99a 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -33,7 +33,6 @@ if config_env() == :prod do You can generate one by calling: mix phx.gen.secret """ - host = System.get_env("PHX_HOST") phx_port = System.get_env("PHX_PORT") scheme = System.get_env("PHX_SCHEME") check_origin = System.get_env("PHX_CHECK_ORIGIN") in ~w{1 true True} @@ -41,8 +40,12 @@ if config_env() == :prod do config :live_xl, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY") + if host = System.get_env("PHX_HOST") do + config :live_xl, LiveXLWeb.Endpoint, + url: [host: host || "example.com", port: phx_port || 443, scheme: scheme || "https"] + end + config :live_xl, LiveXLWeb.Endpoint, - url: [host: host || "example.com", port: phx_port || 443, scheme: scheme || "https"], http: [ # Enable IPv6 and bind on all interfaces. # Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access. diff --git a/lib/live_xl_web/router.ex b/lib/live_xl_web/router.ex index a723fc5..6ff5b06 100644 --- a/lib/live_xl_web/router.ex +++ b/lib/live_xl_web/router.ex @@ -8,6 +8,7 @@ defmodule LiveXLWeb.Router do plug :put_root_layout, html: {LiveXLWeb.Layouts, :root} plug :protect_from_forgery plug :put_secure_browser_headers + plug :within_iframe_secure_headers end pipeline :api do @@ -47,4 +48,8 @@ defmodule LiveXLWeb.Router do forward "/mailbox", Plug.Swoosh.MailboxPreview end end + + defp within_iframe_secure_headers(conn, _opts) do + delete_resp_header(conn, "x-frame-options") + end end
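Review bot: In the second config/runtime.exs hunk, the `|| "example.com"` fallback inside `if host = System.get_env("PHX_HOST") do` can never fire, because the block only runs when `host` is set; `url: [host: host, port: phx_port || 443, scheme: scheme || "https"]` expresses the same thing. The larger effect is that with PHX_HOST unset no `url:` is configured at all, so PHX_PORT and PHX_SCHEME are silently ignored and the endpoint falls back to its defaults. If `check_origin` (read in the previous hunk, its use is not visible here) is passed to the endpoint, origin checks would presumably compare against that default host, so a comment such as `# PHX_HOST unset: url falls back to endpoint defaults; set it whenever PHX_CHECK_ORIGIN is enabled` would help operators.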
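Review bot: Adding `plug :within_iframe_secure_headers` to the `:browser` pipeline strips `x-frame-options` from every route that goes through that pipeline, not only the pages meant to be embedded, so whatever clickjacking protection that header gave is also gone for forms and authenticated views. Consider moving the plug into its own pipeline, e.g. `pipeline :embeddable do plug :within_iframe_secure_headers end`, and piping only the embeddable scopes through it. The pipeline block starts above this hunk and the scopes that use it are not visible, so the set of affected routes has to be checked against the full router.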
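Review bot: `within_iframe_secure_headers/2` in the last router.ex hunk deletes the framing header and puts nothing in its place, so despite the name the response carries fewer protections and, unless another header restricts framing, any origin may embed it. If the goal is to allow specific embedders, follow the delete with an allowlist, e.g. `put_resp_header(conn, "content-security-policy", "frame-ancestors 'self' https://embedder.example")` (the origin is a placeholder; read the real list from config). If a content-security-policy header is already set elsewhere, the directive would need to be merged into it rather than overwriting it. A comment such as `# Allows embedding in third-party iframes; framing is limited by CSP frame-ancestors instead` would record why the header is removed.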