fuwafuwa
/
etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

allow strict transport if ssl is on and stop x-frame-options, this might break embedded pads, please test

This commit is contained in:
John McLear 2013-03-14 19:03:20 -03:00
parent 5d12be940c
commit ffe7e65db6
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/node/hooks/express.js
View File

@ -27,7 +27,7 @@ exports.createServer = function () {
}
console.log("Report bugs at https://github.com/ether/etherpad-lite/issues")
serverName = "Etherpad-Lite " + version + " (http://etherpad.org)";
serverName = "Etherpad " + version + " (http://etherpad.org)";
exports.restartServer();
@ -71,6 +71,11 @@ exports.restartServer = function () {
}
app.use(function (req, res, next) {
res.header("X-Frame-Options", "deny");
if(settings.ssl){ // if we use SSL
res.header("X-Frame-Options", "max-age=31536000; includeSubDomains");
}
res.header("Server", serverName);
next();
});