From 3b55886c450f14e289dd962a11afd338e6bfe13c Mon Sep 17 00:00:00 2001 From: Karsten Hassel Date: Fri, 13 May 2022 22:25:18 +0200 Subject: [PATCH] added a new config option `httpHeaders` used by helmet --- CHANGELOG.md | 2 ++ js/defaults.js | 3 +++ js/server.js | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f7e61de..29874d64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ _This release is scheduled to be released on 2022-07-01._ ### Added +- Added a new config option `httpHeaders` used by helmet (see https://helmetjs.github.io/). You can now set own httpHeaders which will override the defaults in `js/defauls.js` which is useful e.g. if you want to embed MagicMirror into annother website (solves #2847). + ### Updated ### Fixed diff --git a/js/defaults.js b/js/defaults.js index a897077a..b2edb8e4 100644 --- a/js/defaults.js +++ b/js/defaults.js @@ -25,6 +25,9 @@ const defaults = { units: "metric", zoom: 1, customCss: "css/custom.css", + // httpHeaders used by helmet, see https://helmetjs.github.io/. You can add other/more object values by overriding this in config.js, + // e.g. you need to add `frameguard: false` for embedding MagicMirror in another website, see https://github.com/MichMich/MagicMirror/issues/2847 + httpHeaders: { contentSecurityPolicy: false, crossOriginOpenerPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: false, originAgentCluster: false }, modules: [ { diff --git a/js/server.js b/js/server.js index 7a298cdb..3e73e99a 100644 --- a/js/server.js +++ b/js/server.js @@ -69,7 +69,7 @@ function Server(config, callback) { res.status(403).send("This device is not allowed to access your mirror.
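Review bot: The comment added above `httpHeaders` in js/defaults.js recommends `frameguard: false` for embedding without saying that this removes the X-Frame-Options header for every origin, and without saying whether a user-supplied `httpHeaders` extends this default object or replaces it. How config.js is merged with `defaults` is not visible in this patch; if the merge is shallow, setting only `httpHeaders: { frameguard: false }` would drop the five `false` entries, and `helmet(config.httpHeaders)` in js/server.js would then apply helmet's own defaults for them, including its Content-Security-Policy. I would add two comment lines here: `// NOTE: an httpHeaders object in config.js replaces this one as a whole (TODO confirm merge behaviour), so repeat the entries below that you still need.` and `// frameguard: false lets any site frame the mirror; prefer limiting the allowed parent origins with a CSP frame-ancestors directive.` The `defaults` object starts and ends outside the hunk.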
Please check your config.js or config.js.sample to change this."); }); }); - app.use(helmet({ contentSecurityPolicy: false, crossOriginOpenerPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: false, originAgentCluster: false })); + app.use(helmet(config.httpHeaders)); app.use("/js", express.static(__dirname));