Merge pull request #104 from coralproject/fix/iframe-injection

Allow embedding into third-party websites
This commit is contained in:
David Jay
2016-11-29 11:23:16 -05:00
committed by GitHub
+4 -1
View File
@@ -22,7 +22,10 @@ if (app.get('env') !== 'test') {
//==============================================================================
app.set('trust proxy', 1);
app.use(helmet());
// We disable frameward on helmet to allow crossdomain injection of the embed
app.use(helmet({
frameguard: false
}));
app.use(bodyParser.json());
app.use('/client', express.static(path.join(__dirname, 'dist')));
app.set('views', path.join(__dirname, 'views'));