restrict ui iframes

2021-10-09 13:01:21 -05:00 · 2021-10-09 13:01:21 -05:00 · d3a7d82dc0
parent 67bde3b6a3
commit d3a7d82dc0
1 changed files with 4 additions and 4 deletions
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@ -67,14 +67,14 @@ instance Yesod App where
            else id

    yesodMiddleware :: HandlerFor App res -> HandlerFor App res
-    yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
+    yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
      where
-        maybeSSLOnly handler = do
+        customMiddleware handler = do
+          addHeader "X-Frame-Options" "DENY"
          yesod <- getYesod
          (if appSSLOnly (appSettings yesod)
             then sslOnlyMiddleware session_timeout_minutes
-             else id)
-            handler
+             else id) handler

    defaultLayout widget = do
        req <- getRequest