restrict ui iframes
This commit is contained in:
parent
ba56d5c429
commit
a080c3017a
|
@ -67,14 +67,14 @@ instance Yesod App where
|
||||||
else id
|
else id
|
||||||
|
|
||||||
yesodMiddleware :: HandlerFor App res -> HandlerFor App res
|
yesodMiddleware :: HandlerFor App res -> HandlerFor App res
|
||||||
yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
|
yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
|
||||||
where
|
where
|
||||||
maybeSSLOnly handler = do
|
customMiddleware handler = do
|
||||||
|
addHeader "X-Frame-Options" "DENY"
|
||||||
yesod <- getYesod
|
yesod <- getYesod
|
||||||
(if appSSLOnly (appSettings yesod)
|
(if appSSLOnly (appSettings yesod)
|
||||||
then sslOnlyMiddleware session_timeout_minutes
|
then sslOnlyMiddleware session_timeout_minutes
|
||||||
else id)
|
else id) handler
|
||||||
handler
|
|
||||||
|
|
||||||
defaultLayout widget = do
|
defaultLayout widget = do
|
||||||
req <- getRequest
|
req <- getRequest
|
||||||
|
|
Loading…
Reference in a new issue