jramos/cve-dashboard
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Fix: Allow iframe embedding from frontend origin using CSP frame-ancestors

Browse Source
This commit is contained in:
jramos
2026-02-13 11:14:59 -07:00
parent 0e89251bac
commit 241ff16bb4
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/routes/knowledgeBase.js
View File

@@ -241,6 +241,9 @@ function createKnowledgeBaseRouter(db, upload) {
res.setHeader('Content-Type', contentType); res.setHeader('Content-Type', contentType);
// Use inline instead of attachment to allow browser to display // Use inline instead of attachment to allow browser to display
res.setHeader('Content-Disposition', `inline; filename="${row.file_name}"`); res.setHeader('Content-Disposition', `inline; filename="${row.file_name}"`);
// Allow iframe embedding from frontend origin
res.removeHeader('X-Frame-Options');
res.setHeader('Content-Security-Policy', "frame-ancestors 'self' http://71.85.90.9:3000 http://localhost:3000");
res.sendFile(row.file_path); res.sendFile(row.file_path);
}); });
}); });