| 168 | } |
| 169 | |
/**
 * Builds the response headers that control which origins may embed this
 * application in a frame.
 *
 * The policy value comes from `getAllowedIframeOrigins()` and is always emitted
 * as a `Content-Security-Policy: frame-ancestors …` directive. The legacy
 * `X-Frame-Options` header is added only for the two policies it can express:
 * `'self'` maps to `SAMEORIGIN` and `'none'` maps to `DENY`.
 *
 * Security notes:
 * - A policy of `*` lets any site frame the application, so these headers then
 *   give no clickjacking protection.
 * - For `*` and for explicit origin lists no `X-Frame-Options` header is sent,
 *   because that header has no equivalent value (`ALLOW-FROM` is obsolete), so
 *   only browsers that enforce CSP `frame-ancestors` apply the restriction.
 * - The policy value is interpolated into the header as-is; nothing in this
 *   function validates it.
 *
 * @returns A header-name to header-value map containing `Content-Security-Policy`
 *   and, for `'self'` / `'none'`, `X-Frame-Options`.
 */
export function getIframeSecurityHeaders(): Record<string, string> {
  const frameAncestors = getAllowedIframeOrigins()

  // NOTE(review): presumably getAllowedIframeOrigins() already rejects values
  // containing ';', ',' or CR/LF, which would otherwise add extra directives or
  // break the header line. Confirm against its implementation.
  const headers: Record<string, string> = {
    'Content-Security-Policy': `frame-ancestors ${frameAncestors}`
  }

  // Mirror the policy in X-Frame-Options where a matching legacy value exists.
  switch (frameAncestors) {
    case "'self'":
      headers['X-Frame-Options'] = 'SAMEORIGIN'
      break
    case "'none'":
      headers['X-Frame-Options'] = 'DENY'
      break
  }

  return headers
}