Add config option to disallow framing via CSP

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-18 09:59:14 +02:00
parent 9499add64c
commit bd44cbc16c
4 changed files with 12 additions and 6 deletions
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -25,7 +25,8 @@ module.exports = {
    addDisqus: false,
    addGoogleAnalytics: false,
    upgradeInsecureRequests: 'auto',
-    reportURI: undefined
+    reportURI: undefined,
+    allowFraming: true
  },
  cookiePolicy: 'lax',
  protocolUseSSL: false,
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -22,7 +22,8 @@ module.exports = {
    enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
    reportURI: process.env.CMD_CSP_REPORTURI,
    addDisqus: toBooleanConfig(process.env.CMD_CSP_ADD_DISQUS),
-    addGoogleAnalytics: toBooleanConfig(process.env.CMD_CSP_ADD_GOOGLE_ANALYTICS)
+    addGoogleAnalytics: toBooleanConfig(process.env.CMD_CSP_ADD_GOOGLE_ANALYTICS),
+    allowFraming: toBooleanConfig(process.env.CMD_CSP_ALLOW_FRAMING)
  },
  cookiePolicy: process.env.CMD_COOKIE_POLICY,
  protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),