feat(server): adds content-security-policy header to server endpoints (#2500)

2024-07-25 14:20:23 +01:00
parent 6eaf3c8c92
commit eefeef1ee4
1 changed files with 10 additions and 0 deletions
@@ -334,6 +334,16 @@ export async function init() {
  app.use(errorLoggingMiddleware)
  app.use(authContextMiddleware)
  app.use(createRateLimiterMiddleware())
+  app.use(
+    async (
+      _req: express.Request,
+      res: express.Response,
+      next: express.NextFunction
+    ) => {
+      res.setHeader('Content-Security-Policy', "frame-ancestors 'none'")
+      next()
+    }
+  )
  app.use(mixpanelTrackerHelperMiddleware)

  app.use(Sentry.Handlers.errorHandler())