Skip to content

domharrington/x-frame-options

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
.jshintignore
.jshintignore
 
 
.jshintrc
.jshintrc
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
example.js
example.js
 
 
index.js
index.js
 
 
package.json
package.json
 
 
test.js
test.js
 
 

Repository files navigation

x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

build status

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

  var express = require('express')
  var app = express()
  var xFrameOptions = require('x-frame-options')

  app.use(xFrameOptions())

  app.get('/', function (req, res) {
    res.get('X-Frame-Options') // === 'Deny'
  })

  app.listen(3000)

Usage

  var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License

About

Express middleware to add an X-Frame-Options response header

Resources

Readme
Activity

Stars

11 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages