Spaces:
Runtime error
Runtime error
fix(csp): ALLOW_IFRAME works on builds
Browse files- src/hooks.server.ts +5 -0
src/hooks.server.ts
CHANGED
|
@@ -289,5 +289,10 @@ export const handle: Handle = async ({ event, resolve }) => {
|
|
| 289 |
},
|
| 290 |
});
|
| 291 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 292 |
return response;
|
| 293 |
};
|
|
|
|
| 289 |
},
|
| 290 |
});
|
| 291 |
|
| 292 |
+
// Add CSP header to disallow framing if ALLOW_IFRAME is not "true"
|
| 293 |
+
if (env.ALLOW_IFRAME !== "true") {
|
| 294 |
+
response.headers.append("Content-Security-Policy", "frame-ancestors 'none';");
|
| 295 |
+
}
|
| 296 |
+
|
| 297 |
return response;
|
| 298 |
};
|