cmd/packserver: add --frames option

Allows override of the X-Frame-Options header on the handler.
2022-07-06 10:33:52 +01:00 · 2022-07-06 10:33:52 +01:00 · 565a269cef
parent 16d836da9a
commit 565a269cef
1 changed files with 20 additions and 0 deletions
--- a/cmd/packserver/main.go
+++ b/cmd/packserver/main.go
@ -51,6 +51,8 @@ func main() {
 		"Tell client how long it can cache data for; 0 means no caching")
 	rootCmd.Flags().String("fallback-404", "",
 		"Name of file to return if response would be 404 (spa.html or similar)")
+	rootCmd.Flags().String("frames", "sameorigin",
+		"Override X-Frame-Options header (can be sameorigin, deny, allow)")

 	if err := rootCmd.Execute(); err != nil {
 		fmt.Fprintln(os.Stderr, err)
@ -82,6 +84,23 @@ func run(c *cobra.Command, args []string) error {
 		certFile = keyFile
 	}

+	// parse frames header
+	framesHeader := "SAMEORIGIN"
+	frames, err := c.Flags().GetString("frames")
+	if err != nil {
+		return err
+	}
+	switch frames {
+	case "sameorigin":
+		framesHeader = "SAMEORIGIN"
+	case "allow":
+		framesHeader = ""
+	case "deny":
+		framesHeader = "DENY"
+	default:
+		return errors.New("--frames must be one of sameorigin, deny, allow")
+	}
+
 	// parse extra headers
 	extraHeaders := make(http.Header)
 	hdrs, err := c.Flags().GetStringSlice("header")
@ -169,6 +188,7 @@ func run(c *cobra.Command, args []string) error {
 			return fmt.Errorf("%s: fallback-404 resource %q "+
 				"not found in packfile", prefix, fallback404File)
 		}
+		packHandler.SetHeader("X-Frame-Options", framesHeader)

 		handler := &addHeaders{
 			extraHeaders: extraHeaders,