Add HTTPSecurityHeaders.CustomFrameOptionsValue option.

Requested in https://github.com/navidrome/navidrome/issues/248#issuecomment-1783768985
2024-05-02 12:12:19 -04:00
parent 7c5eec715d
commit aef49cb8d6
2 changed files with 12 additions and 4 deletions
@@ -98,10 +98,11 @@ func corsHandler() func(http.Handler) http.Handler {

 func secureMiddleware() func(http.Handler) http.Handler {
 	sec := secure.New(secure.Options{
-		ContentTypeNosniff: true,
-		FrameDeny:          true,
-		ReferrerPolicy:     "same-origin",
-		PermissionsPolicy:  "autoplay=(), camera=(), microphone=(), usb=()",
+		ContentTypeNosniff:      true,
+		FrameDeny:               true,
+		ReferrerPolicy:          "same-origin",
+		PermissionsPolicy:       "autoplay=(), camera=(), microphone=(), usb=()",
+		CustomFrameOptionsValue: conf.Server.HTTPSecurityHeaders.CustomFrameOptionsValue,
 		//ContentSecurityPolicy: "script-src 'self' 'unsafe-inline'",
 	})
 	return sec.Handler