restrict ui iframes

Jon Schoning 2021-10-09 13:01:21 -05:00
parent ba56d5c429
commit a080c3017a
No known key found for this signature in database
GPG key ID: F356416A06AC0A60


@ -67,14 +67,14 @@ instance Yesod App where
else id
yesodMiddleware :: HandlerFor App res -> HandlerFor App res
yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
where
maybeSSLOnly handler = do
customMiddleware handler = do
addHeader "X-Frame-Options" "DENY"
yesod <- getYesod
(if appSSLOnly (appSettings yesod)
then sslOnlyMiddleware session_timeout_minutes
else id)
handler
else id) handler
defaultLayout widget = do
req <- getRequest
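Review bot: The new `addHeader "X-Frame-Options" "DENY"` line in `customMiddleware` restricts framing only through the legacy header. Current browsers give precedence to the CSP `frame-ancestors` directive, so I would send both, adding `addHeader "Content-Security-Policy" "frame-ancestors 'none'"` next to it; if a CSP is also set elsewhere, the extra header can only tighten the policy. A short comment such as `-- forbid embedding any page in a frame (clickjacking defence)` would also explain why the helper is no longer SSL-only. It is not visible from this hunk whether the header reaches responses that skip or short-circuit `yesodMiddleware` (redirects, error pages, subsite routes), so a test asserting the header on those responses is worth adding. The `instance Yesod App` body starts and continues outside the hunk.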