explain why we avoid iframing
This commit is contained in:
parent
5cc772c48b
commit
0ac72104b8
|
@ -81,6 +81,8 @@ const init = async () => {
|
|||
if (!request.response.header) {
|
||||
return h.continue
|
||||
}
|
||||
// Prevent site from being iframed since that might lead people to sniff
|
||||
// out passwords
|
||||
request.response.header('X-FRAME-OPTIONS', 'deny')
|
||||
if (process.env.NODE_ENV !== 'test') {
|
||||
// CSP breaks browser-sync, so we ignore it for development
|
||||
|
|
Loading…
Reference in a new issue