From ceacc83d97b04e904df36b9c43b25e0a9312f5c5 Mon Sep 17 00:00:00 2001
From: Trey
Date: Fri, 15 Sep 2023 13:18:34 -0400
Subject: [PATCH 1/2] adding x-frame-options header option
---
 src/main/server.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/main/server.js b/src/main/server.js
index c4953eb24..2de2bfc70 100644
--- a/src/main/server.js
+++ b/src/main/server.js
@@ -127,6 +127,13 @@ if (process.env.DISABLED_EDITOR != 'true') {
 app.use(baseUrl+'cass-editor/', express.static('src/main/webapp/'));
 }
+if (process.env.INCLUDE_SAMEORIGIN_IFRAME_HEADER == "true") {
+ app.use((req, res, next) => {
+ res.setHeader("X-Frame-Options", "max-age=31536000")
+ next();
+ });
+}
+
 if (process.env.INCLUDE_STRICT_TRANSPORT_SECURITY_HEADER == "true") {
 app.use((req, res, next) => {
From 2c81ea2d9c5b6366c919429f55e34ee1e198ebe6 Mon Sep 17 00:00:00 2001
From: Trey
Date: Fri, 15 Sep 2023 13:25:08 -0400
Subject: [PATCH 2/2] fixing the copy/paste iframe header value
---
 src/main/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/server.js b/src/main/server.js
index 2de2bfc70..e5789eb29 100644
--- a/src/main/server.js
+++ b/src/main/server.js
@@ -129,7 +129,7 @@ if (process.env.DISABLED_EDITOR != 'true') {
 if (process.env.INCLUDE_SAMEORIGIN_IFRAME_HEADER == "true") {
 app.use((req, res, next) => {
- res.setHeader("X-Frame-Options", "max-age=31536000")
+ res.setHeader("X-Frame-Options", "SAMEORIGIN")
 next();
 });
 }
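Review bot: The corrected `res.setHeader("X-Frame-Options", "SAMEORIGIN")` line in the second patch's hunk relies on a legacy header alone; the standardized control for framing is the CSP `frame-ancestors` directive, which browsers that support it use in preference to X-Frame-Options, so the middleware should emit both, e.g. `res.setHeader("X-Frame-Options", "SAMEORIGIN");` followed by `res.setHeader("Content-Security-Policy", "frame-ancestors 'self'");` (if a Content-Security-Policy header is already set elsewhere in this app, merge the directive there instead of overwriting it — not visible from this hunk). The setHeader line also lacks a terminating semicolon, unlike the `next();` line just below it, and the env-var guard uses `==` where `===` would match the repository's strict-equality style better. A brief comment on the `if` line, such as `// Opt-in clickjacking protection: only same-origin pages may frame this app`, would tell the next reader why the header is conditional. Both hunks touch the same `if` block; the first patch's hunk is cut off before its final context line on this page.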