From d00e2393d4269c0b4e280753e5f82ac06bd218c6 Mon Sep 17 00:00:00 2001
From: Rigel Kent <sendmemail@rigelk.eu>
Date: Mon, 16 Jul 2018 09:02:08 +0200
Subject: selective route permission to use embeds with x-frame-deny

---
 server/controllers/client.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'server/controllers')

diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index bfdf35021..13ca15e9d 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -1,5 +1,6 @@
 import * as Bluebird from 'bluebird'
 import * as express from 'express'
+import * as helmet from 'helmet'
 import { join } from 'path'
 import * as validator from 'validator'
 import { escapeHTML, readFileBufferPromise, root } from '../helpers/core-utils'
@@ -30,9 +31,12 @@ clientsRouter.use('/videos/watch/:id',
 )
 
 clientsRouter.use('' +
-  '/videos/embed', (req: express.Request, res: express.Response, next: express.NextFunction) => {
-  res.sendFile(embedPath)
-})
+  '/videos/embed',
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    res.removeHeader('X-Frame-Options')
+    res.sendFile(embedPath)
+  }
+)
 clientsRouter.use('' +
   '/videos/test-embed', (req: express.Request, res: express.Response, next: express.NextFunction) => {
   res.sendFile(testEmbedPath)
-- 
cgit v1.2.3