restrict ui iframes

Jon Schoning 2021-10-09 13:01:21 -05:00 committed by Yann Esposito (Yogsototh)
parent 67bde3b6a3
commit d3a7d82dc0
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646


@ -67,14 +67,14 @@ instance Yesod App where
else id else id
yesodMiddleware :: HandlerFor App res -> HandlerFor App res yesodMiddleware :: HandlerFor App res -> HandlerFor App res
yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
where where
maybeSSLOnly handler = do customMiddleware handler = do
addHeader "X-Frame-Options" "DENY"
yesod <- getYesod yesod <- getYesod
(if appSSLOnly (appSettings yesod) (if appSSLOnly (appSettings yesod)
then sslOnlyMiddleware session_timeout_minutes then sslOnlyMiddleware session_timeout_minutes
else id) else id) handler
handler
defaultLayout widget = do defaultLayout widget = do
req <- getRequest req <- getRequest
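Review bot: The `addHeader "X-Frame-Options" "DENY"` line in `customMiddleware` sends only the legacy framing control and not the Content-Security-Policy equivalent that current browsers specify for the same purpose. Consider adding `addHeader "Content-Security-Policy" "frame-ancestors 'none'"` beside it, provided no other part of the app sets a policy that this would clash with (none is visible here). Because the header is attached inside `yesodMiddleware`, it is worth confirming with a quick response check that error pages, redirects and anything served outside the handler pipeline also carry it. A short comment such as `-- forbid framing of all UI responses (clickjacking defence)` above the `addHeader` line would explain why the helper no longer deals with SSL alone. The `instance Yesod App` body starts and ends outside the hunk.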