1.0.0 • Published 9 years ago

x-frame-options v1.0.0

Weekly downloads
3,871
License
BSD-2-Clause
Repository
github
Last release
9 years ago

x-frame-options express middleware

Express middleware to add an X-Frame-Options response header

build status

The X-Frame-Options header can be used to to indicate whether a browser is allowed to render a page within an <iframe> element or not. This is helpful to prevent clickjacking attacks by ensuring your content is not embedded within other sites. See more here: https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Example

  var express = require('express')
  var app = express()
  var xFrameOptions = require('x-frame-options')

  app.use(xFrameOptions())

  app.get('/', function (req, res) {
    res.get('X-Frame-Options') // === 'Deny'
  })

  app.listen(3000)

Usage

  var xFrameOptions = require('x-frame-options')

var middleware = xFrameOptions(headerValue = 'Deny')

Returns an express middleware function. Allows you to specify the value of the header, defaults to 'Deny' for the strongest protection.

Installation

npm install x-frame-options --save

Credits

Dom Harrington

License

Licensed under the New BSD License