Merge pull request #2412 from MetaMask/x-frame-options

mascara - set x-frame-options header to DENY
author: kumavis <kumavis@users.noreply.github.com> 2017-10-21 02:04:11 +0800
committer: GitHub <noreply@github.com> 2017-10-21 02:04:11 +0800
commit: 2a18f732c7b31d966631507ebbaca0e6cbbaceb6 (patch)
tree: 6d9e1ea0a6f23c064095e54aa81ad326c0e4931f
parent: e3a7da961dd01bcb936a000cdf62e2290a5024ef (diff)
parent: 5c902423d9f20699c636d8291b6a5f5071aeae85 (diff)
download: tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.tar.gz
tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.tar.zst
tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/mascara/server/index.js b/mascara/server/index.js
index 12b527e5d..24739b43f 100644
--- a/mascara/server/index.js
+++ b/mascara/server/index.js
@@ -17,7 +17,7 @@ function createMetamascaraServer () {
   const server = express()
   // ui window
   serveBundle(server, '/ui.js', uiBundle)
-  server.use(express.static(__dirname + '/../ui/'))
+  server.use(express.static(__dirname + '/../ui/', { setHeaders: (res) => res.set('X-Frame-Options', 'DENY') }))
   server.use(express.static(__dirname + '/../../dist/chrome'))
   // metamascara
   serveBundle(server, '/metamascara.js', metamascaraBundle)
author	kumavis <kumavis@users.noreply.github.com>	2017-10-21 02:04:11 +0800
committer	GitHub <noreply@github.com>	2017-10-21 02:04:11 +0800
commit	2a18f732c7b31d966631507ebbaca0e6cbbaceb6 (patch)
tree	6d9e1ea0a6f23c064095e54aa81ad326c0e4931f
parent	e3a7da961dd01bcb936a000cdf62e2290a5024ef (diff)
parent	5c902423d9f20699c636d8291b6a5f5071aeae85 (diff)
download	tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.tar.gz tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.tar.zst tangerine-wallet-browser-2a18f732c7b31d966631507ebbaca0e6cbbaceb6.zip