From 5c902423d9f20699c636d8291b6a5f5071aeae85 Mon Sep 17 00:00:00 2001
From: frankiebee <frankie.diamond@gmail.com>
Date: Fri, 20 Oct 2017 02:30:46 -0700
Subject: mascara - set x-frame-options header to DENY

---
 mascara/server/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mascara')

diff --git a/mascara/server/index.js b/mascara/server/index.js
index 12b527e5d..24739b43f 100644
--- a/mascara/server/index.js
+++ b/mascara/server/index.js
@@ -17,7 +17,7 @@ function createMetamascaraServer () {
   const server = express()
   // ui window
   serveBundle(server, '/ui.js', uiBundle)
-  server.use(express.static(__dirname + '/../ui/'))
+  server.use(express.static(__dirname + '/../ui/', { setHeaders: (res) => res.set('X-Frame-Options', 'DENY') }))
   server.use(express.static(__dirname + '/../../dist/chrome'))
   // metamascara
   serveBundle(server, '/metamascara.js', metamascaraBundle)
-- 
cgit