From 5c3892313eb523a1b20ab675de90e4b070dd2ad9 Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Tue, 19 Oct 2021 14:41:05 +0800 Subject: [PATCH] add env var: UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN --- docker/dockerfile | 5 +++-- server/server.js | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/docker/dockerfile b/docker/dockerfile index 27ee9736d..e2a3725fa 100644 --- a/docker/dockerfile +++ b/docker/dockerfile @@ -31,14 +31,15 @@ WORKDIR / RUN apt update && \ apt --yes install curl file +COPY --from=build /app /app + +ARG VERSION=1.9.1 ARG GITHUB_TOKEN ARG TARGETARCH ARG PLATFORM=debian -ARG VERSION=1.9.0 ARG FILE=$PLATFORM-$TARGETARCH-$VERSION.tar.gz ARG DIST=dist.tar.gz -COPY --from=build /app /app RUN chmod +x /app/extra/upload-github-release-asset.sh # Full Build diff --git a/server/server.js b/server/server.js index 8156e4e3d..b7f531990 100644 --- a/server/server.js +++ b/server/server.js @@ -77,6 +77,7 @@ const port = parseInt(process.env.UPTIME_KUMA_PORT || process.env.PORT || args.p // SSL const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["ssl-key"] || undefined; const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined; +const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || false; // 2FA / notp verification defaults const twofa_verification_opts = { @@ -121,7 +122,9 @@ app.use(express.json()); // Global Middleware app.use(function (req, res, next) { - res.setHeader("X-Frame-Options", "SAMEORIGIN"); + if (disableFrameSameOrigin) { + res.setHeader("X-Frame-Options", "SAMEORIGIN"); + } res.removeHeader("X-Powered-By"); next(); });