From 8155db669baff9aac5617a7aaf68dd35823ed7c9 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Mon, 12 Apr 2021 15:33:54 +0200
Subject: Dissociate frameguard from csp

---
 server.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'server.ts')

diff --git a/server.ts b/server.ts
index f44202c9a..2531080a3 100644
--- a/server.ts
+++ b/server.ts
@@ -59,11 +59,11 @@ import { baseCSP } from './server/middlewares/csp'
 
 if (CONFIG.CSP.ENABLED) {
   app.use(baseCSP)
-  app.use(helmet({
-    frameguard: {
-      action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
-    },
-    hsts: false
+}
+
+if (CONFIG.SECURITY.FRAMEGUARD.ENABLED) {
+  app.use(helmet.frameguard({
+    action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
   }))
 }
 
-- 
cgit v1.2.3