From 75d5c0e356664f378a7c5bedbe9f753e71f70ddb Mon Sep 17 00:00:00 2001
From: Ali BARIN
Date: Sun, 4 Jun 2023 21:18:22 +0000
Subject: [PATCH] feat: prevent from being used in iframe
---
 packages/backend/src/helpers/web-ui-handler.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/helpers/web-ui-handler.ts b/packages/backend/src/helpers/web-ui-handler.ts
index 3509f122..23484b3e 100644
--- a/packages/backend/src/helpers/web-ui-handler.ts
+++ b/packages/backend/src/helpers/web-ui-handler.ts
@@ -10,7 +10,12 @@ const webUIHandler = async (app: Application) => {
 const indexHtml = join(dirname(webAppPath), 'build', 'index.html');
 app.use(express.static(webBuildPath));
- app.get('*', (_req, res) => res.sendFile(indexHtml));
+ app.get('*', (_req, res) => {
+ res.set('Content-Security-Policy', 'frame-ancestors: none;');
+ res.set('X-Frame-Options', 'DENY');
+
+ res.sendFile(indexHtml);
+ });
 };
 export default webUIHandler;
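Review bot: The Content-Security-Policy value `'frame-ancestors: none;'` set in the new `app.get('*')` handler is not valid CSP syntax: a directive name takes no colon and the keyword has to be single-quoted, so browsers will most likely ignore the directive and only `X-Frame-Options: DENY` ends up enforced. The line should read `res.set('Content-Security-Policy', "frame-ancestors 'none'");`. Separately, `express.static(webBuildPath)` is registered before this handler and by default answers a directory request such as `/` with that directory's `index.html`; if `webBuildPath` (defined above the hunk) is the same build directory, that response would carry neither header. Setting both headers in a small middleware registered ahead of `express.static` would cover the static path and the catch-all alike, and a one-line comment there such as `// anti-clickjacking: forbid rendering the UI inside any frame` would record the intent.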