hub / github.com/FlowiseAI/Flowise / getIframeSecurityHeaders

Function getIframeSecurityHeaders

packages/server/src/utils/XSS.ts:170–196

Source from the content-addressed store, hash-verified

export function getIframeSecurityHeaders(): Record<string, string> {
    const allowedOrigins = getAllowedIframeOrigins()

    if (allowedOrigins === '*') {
        return {
            'Content-Security-Policy': 'frame-ancestors *'
        }
    }

    if (allowedOrigins === "'self'") {
        return {
            'Content-Security-Policy': `frame-ancestors ${allowedOrigins}`,
            'X-Frame-Options': 'SAMEORIGIN'
        }
    }

    if (allowedOrigins === "'none'") {
        return {
            'Content-Security-Policy': `frame-ancestors ${allowedOrigins}`,
            'X-Frame-Options': 'DENY'
        }
    }

    return {
        'Content-Security-Policy': `frame-ancestors ${allowedOrigins}`
    }
}

Callers 2

config · Method · 0.90
XSS.test.ts · File · 0.90

Calls 1

getAllowedIframeOrigins · Function · 0.85

Tested by

no test coverage detected