Merge pull request #399 from JetMaddox/master

Disable Framing on all sites. I'm merging this ***conditionally*** - at some point, we wish to introduce integration with CMSes like WordPress. An easy way to achieve this would be placing NodeBB in an iframe. At that point in time, we'll want to make this a configurable option via admin panel.
11 years ago · 207ff98211
parent 1fb09a9c8c a8f2fd66ae
commit 207ff98211
1 changed files with 4 additions and 0 deletions
--- a/src/webserver.js
+++ b/src/webserver.js
@ -125,6 +125,10 @@ var express = require('express'),
 				app.use(function (req, res, next) {
 					nconf.set('https', req.secure);
 					res.locals.csrf_token = req.session._csrf;
+					
+					// Disable framing
+					res.setHeader("X-Frame-Options", "DENY");
+					
 					next();
 				});