7 years ago, Sun, October 29, 2017, 12:00:00
I have some static assets that I want to serve inside iframes of several desktop / mobile web clients.
Now, how do I whitelist a specific set of origins when setting the X-Frame-Options header, so that the resource can be embedded as an iframe inside different desktop / mobile web clients, while all other origins are denied access to this resource?
With a little digging I started off with -
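const express = require('express');
const app = express();

// CORS headers: these govern cross-origin script reads, not iframe embedding.
var allowCrossDomain = function (req, res, next) {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
    res.header('Access-Control-Allow-Headers', 'Content-Type, X-Requested-With, Authorization');
    // Answer preflight requests directly; pass everything else on.
    if (req.method === 'OPTIONS') res.sendStatus(200);
    else next();
};
app.use(allowCrossDomain);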
Now, how do I set the X-Frame-Options header with the whitelisted origin values here?
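X-Frame-Options accepts only DENY or SAMEORIGIN (its ALLOW-FROM form took a single origin and is obsolete), so it cannot carry a list of origins. The added example below, which is not part of the original question, expresses the whitelist with the Content-Security-Policy frame-ancestors directive instead; the origins and the names buildFrameAncestors and frameGuard are hypothetical.

```javascript
'use strict';

// Constructed placeholder whitelist: the origins allowed to embed the assets.
const ALLOWED_FRAME_ANCESTORS = [
  'https://desktop.example.com',
  'https://m.example.com',
];

// Build the directive from the whitelist. Each entry must be a bare origin
// (scheme://host[:port], nothing else), so a malformed config value cannot
// smuggle extra CSP directives into the header.
function buildFrameAncestors(origins) {
  const sources = origins.map((entry) => {
    const url = new URL(entry); // throws on unparsable input
    if (url.origin !== entry) {
      throw new Error('not a bare origin: ' + entry);
    }
    return url.origin;
  });
  // An empty whitelist means nobody may frame the resource.
  return 'frame-ancestors ' + (sources.length ? sources.join(' ') : "'none'");
}

// Express-style middleware (req, res, next). The policy is computed once at
// startup, so a bad whitelist fails at boot rather than per request.
function frameGuard(origins) {
  const policy = buildFrameAncestors(origins);
  return function (req, res, next) {
    // Browsers refuse to render the response in a frame whose ancestors are
    // not all listed here. Note: this overwrites any CSP header set earlier.
    res.setHeader('Content-Security-Policy', policy);
    next();
  };
}

// Usage in the app above (mount before the static handler):
//   app.use(frameGuard(ALLOWED_FRAME_ANCESTORS));
```

The CORS headers in the question do not affect framing, so they can be kept or dropped independently of this middleware.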