UNPKG

agneta-platform

Version:

Agneta Platform - Integrate and customize business applications

github.com/agneta/platform

agneta/platform

73 lines (57 loc) 1.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
const _ = require('lodash'); const url = require('url'); module.exports = function(app){ var config = app.get('frameguard'); var allowOrigin; var allowHost; if(config){ allowOrigin = _.zipObject(config.allow, _.map(config.allow, function() { return true; })); allowHost = _.zipObject(_.map(config.allow, function(origin) { return url.parse(origin).host; }),config.allow); }else{ allowOrigin = {}; allowHost = {}; } //console.log(allowHost); app.frameguard = function(options) { var req = options.req; var res = options.res; var headers = options.headers; var value; if(config){ var origin = req.get('origin'); if(allowOrigin[origin]){ value = origin; } if(!value){ var referer = req.get('referer'); var host = referer?url.parse(referer).host:req.get('host'); if(allowHost[host]){ value = allowHost[host]; } } //console.log('frameguard.origin',origin,host); } var _headers = [ { name: 'X-Frame-Options', value: value?`ALLOW-FROM ${value}`:'SAMEORIGIN' }, { name: 'Content-Security-Policy', value: `frame-ancestors ${value||'self'}` } ]; for(var _header of _headers){ if(headers){ headers[_header.name] = _header.value; } if(res){ res.setHeader(_header.name,_header.value); } } }; };