opnform-host-nginx/client/server/plugins/embeddable.js

export default defineNitroPlugin(nitroApp => {
  nitroApp.hooks.hook('render:response', (response, { event }) => {
    const routePath = event.node?.req?.url || event.node?.req?.originalUrl
    // const routePath= event.context.params._
    if (routePath && !routePath.startsWith('/forms/')) {
      console.error('Not a form, setting X-Frame-Options', routePath)
      // Only allow embedding of forms
      response.headers['X-Frame-Options'] = 'sameorigin'
    }

    delete response.headers['x-powered-by']
  })
})
Embeddable form as a nuxt middleware 2024-01-12 11:35:50 +01:00			`export default defineNitroPlugin(nitroApp => {`
			`nitroApp.hooks.hook('render:response', (response, { event }) => {`
Fix URL for embeddable middleware 2024-01-12 11:44:59 +01:00			`const routePath = event.node?.req?.url \|\| event.node?.req?.originalUrl`
			`// const routePath= event.context.params._`
Debugging embeddable on amplify 2024-01-12 12:00:01 +01:00			`if (routePath && !routePath.startsWith('/forms/')) {`
Fix user impersonation 2024-01-16 11:23:16 +01:00			`console.error('Not a form, setting X-Frame-Options', routePath)`
Embeddable form as a nuxt middleware 2024-01-12 11:35:50 +01:00			`// Only allow embedding of forms`
			`response.headers['X-Frame-Options'] = 'sameorigin'`
			`}`
Debugging embeddable on amplify 2024-01-12 12:00:01 +01:00
			`delete response.headers['x-powered-by']`
Embeddable form as a nuxt middleware 2024-01-12 11:35:50 +01:00			`})`
			`})`