Skip to content

Commit

Permalink
Added X-Frame-Options and CSP
Browse files Browse the repository at this point in the history
  • Loading branch information
@D-K-P
D-K-P committed Feb 10, 2025
1 parent bc7d445 commit f465bcc
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions apps/webapp/app/entry.server.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ export default function handleRequest(
responseHeaders: Headers,
remixContext: EntryContext
) {
const url = new URL(request.url);

if (url.pathname.startsWith("/login")) {
responseHeaders.set("X-Frame-Options", "SAMEORIGIN");
responseHeaders.set("Content-Security-Policy", "frame-ancestors 'self'");
}

const acceptLanguage = request.headers.get("accept-language");
const locales = parseAcceptLanguage(acceptLanguage, {
validate: Intl.DateTimeFormat.supportedLocalesOf,
Expand Down

0 comments on commit f465bcc

Please sign in to comment.