From a7fc9c4b2487c0a72d6ed088e1cfb9e7e20f0907 Mon Sep 17 00:00:00 2001
From: smart_ex <sergei.smart@gmail.com>
Date: Tue, 12 Apr 2022 19:36:14 +1000
Subject: [PATCH] block iframe

---
 src/router.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/router.js b/src/router.js
index 16c8baa..e93733b 100644
--- a/src/router.js
+++ b/src/router.js
@@ -3,6 +3,7 @@ const router = require('express').Router()
 
 // Add CORS headers
 router.use((req, res, next) => {
+  res.header('X-Frame-Options', 'DENY')
   res.header('Access-Control-Allow-Origin', '*')
   res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept')
   next()