From d00e2393d4269c0b4e280753e5f82ac06bd218c6 Mon Sep 17 00:00:00 2001
From: Rigel Kent <sendmemail@rigelk.eu>
Date: Mon, 16 Jul 2018 09:02:08 +0200
Subject: selective route permission to use embeds with x-frame-deny

---
 server.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'server.ts')

diff --git a/server.ts b/server.ts
index a6052faed..26750802c 100644
--- a/server.ts
+++ b/server.ts
@@ -15,6 +15,7 @@ import * as express from 'express'
 import * as morgan from 'morgan'
 import * as cors from 'cors'
 import * as cookieParser from 'cookie-parser'
+import * as helmet from 'helmet'
 
 process.title = 'peertube'
 
@@ -48,6 +49,13 @@ if (errorMessage !== null) {
 // Trust our proxy (IP forwarding...)
 app.set('trust proxy', CONFIG.TRUST_PROXY)
 
+// Security middlewares
+app.use(helmet({
+  frameguard: {
+    action: 'deny'
+  }
+}))
+
 // ----------- Database -----------
 
 // Initialize database and models
-- 
cgit v1.2.3