restrict ui iframes

Jon Schoning 2021-10-09 13:01:21 -05:00
parent ba56d5c429
commit a080c3017a
No known key found for this signature in database
GPG key ID: F356416A06AC0A60


@ -67,14 +67,14 @@ instance Yesod App where
else id else id
yesodMiddleware :: HandlerFor App res -> HandlerFor App res yesodMiddleware :: HandlerFor App res -> HandlerFor App res
yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
where where
maybeSSLOnly handler = do customMiddleware handler = do
addHeader "X-Frame-Options" "DENY"
yesod <- getYesod yesod <- getYesod
(if appSSLOnly (appSettings yesod) (if appSSLOnly (appSettings yesod)
then sslOnlyMiddleware session_timeout_minutes then sslOnlyMiddleware session_timeout_minutes
else id) else id) handler
handler
defaultLayout widget = do defaultLayout widget = do
req <- getRequest req <- getRequest
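Review bot: The new `addHeader "X-Frame-Options" "DENY"` line in `customMiddleware` sets only the legacy anti-framing header; the standardized control is the CSP `frame-ancestors` directive, and sending both covers browsers on either side of that transition. I would add `addHeader "Content-Security-Policy" "frame-ancestors 'none'"` beside it, or fold the directive into an existing policy if the app already emits one elsewhere (not visible in this hunk). The header is attached only to responses that pass through `yesodMiddleware`, so it is worth confirming that any static or WAI-level responses served outside it are not frameable UI. Since `maybeSSLOnly` was renamed to the less descriptive `customMiddleware`, a one-line comment such as `-- clickjacking defence: forbid framing of all handler responses` above the `addHeader` call would record why it is there. The enclosing `instance Yesod App` starts and continues outside the hunk.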