add env var: UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN

codered · Oct 19, 2021 · 5c38923 · 5c38923
1 parent c57c946
commit 5c38923
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/docker/dockerfile b/docker/dockerfile
@@ -31,14 +31,15 @@ WORKDIR /
 RUN apt update && \
     apt --yes install curl file
 
+COPY --from=build /app /app
+
+ARG VERSION=1.9.1
 ARG GITHUB_TOKEN
 ARG TARGETARCH
 ARG PLATFORM=debian
-ARG VERSION=1.9.0
 ARG FILE=$PLATFORM-$TARGETARCH-$VERSION.tar.gz
 ARG DIST=dist.tar.gz
 
-COPY --from=build /app /app
 RUN chmod +x /app/extra/upload-github-release-asset.sh
 
 # Full Build

diff --git a/server/server.js b/server/server.js
@@ -77,6 +77,7 @@ const port = parseInt(process.env.UPTIME_KUMA_PORT || process.env.PORT || args.p
 // SSL
 const sslKey = process.env.UPTIME_KUMA_SSL_KEY || process.env.SSL_KEY || args["ssl-key"] || undefined;
 const sslCert = process.env.UPTIME_KUMA_SSL_CERT || process.env.SSL_CERT || args["ssl-cert"] || undefined;
+const disableFrameSameOrigin = !!process.env.UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN || false;
 
 // 2FA / notp verification defaults
 const twofa_verification_opts = {
@@ -121,7 +122,9 @@ app.use(express.json());
 
 // Global Middleware
 app.use(function (req, res, next) {
-    res.setHeader("X-Frame-Options", "SAMEORIGIN");
+    if (disableFrameSameOrigin) {
+        res.setHeader("X-Frame-Options", "SAMEORIGIN");
+    }
     res.removeHeader("X-Powered-By");
     next();
 });