Skip to content

Commit 2c2afdf

Browse files
committed
X-Frame-Options should be effective for HTTPs only
1 parent 1cb5813 commit 2c2afdf

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

src/samples/server.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,9 @@ app.use((req, res, next) => {
3232

3333
// CSP - X-Frame-Options
3434
// For IE (at least v.11)
35-
res.header('X-Frame-Options', 'ALLOW-FROM https://localhost:7777, https://localhost:7777');
35+
res.header('X-Frame-Options', 'ALLOW-FROM https://localhost:7777');
3636
// For modern browsers (Chrome / Firefox / EdgeChromium / Safari ...)
37-
res.header('Content-Security-Policy', "frame-ancestors 'self' https://localhost:7777 http://localhost:7777");
37+
res.header('Content-Security-Policy', "frame-ancestors 'self' https://localhost:7777");
3838
next();
3939
});
4040

0 commit comments

Comments
 (0)