From c533e8c33d2696408097f7a22e0d64e785610e88 Mon Sep 17 00:00:00 2001
From: Andrew Hebert
Date: Wed, 14 Feb 2024 11:55:39 -0500
Subject: [PATCH] in :browser pipeline instead

---
 .../controllers/accounts/user_settings_controller.ex | 8 +-------
 lib/recognizer_web/router.ex | 10 ++++++++++
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
index 2b646f50..0d7ea4aa 100644
--- a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -10,13 +10,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
     if Application.get_env(:recognizer, :redirect_url) && !get_session(conn, :bc) do
       redirect(conn, external: Application.get_env(:recognizer, :redirect_url))
     else
-      conn
-      |> delete_resp_header("x-frame-options")
-      |> put_resp_header(
-        "Content-Security-Policy",
-        "default-src 'self'; frame-ancestors 'self' https://bigcommerce.com;"
-      )
-      |> render("edit.html")
+      render(conn, "edit.html")
     end
   end
 
diff --git a/lib/recognizer_web/router.ex b/lib/recognizer_web/router.ex
index 9067892e..a88b0c55 100644
--- a/lib/recognizer_web/router.ex
+++ b/lib/recognizer_web/router.ex
@@ -11,6 +11,7 @@ defmodule RecognizerWeb.Router do
     plug :fetch_flash
     plug :protect_from_forgery
     plug :put_secure_browser_headers, @hsts_header
+    plug :allow_bc_frame
   end
 
   pipeline :api do
@@ -45,6 +46,15 @@ defmodule RecognizerWeb.Router do
     conn
   end
 
+  defp allow_bc_frame(conn, _opts),
+    do:
+      conn
+      |> delete_resp_header("x-frame-options")
+      |> put_resp_header(
+        "Content-Security-Policy",
+        "default-src 'self'; frame-ancestors 'self' https://bigcommerce.com;"
+      )
+
   scope "/", RecognizerWeb do
     pipe_through [:browser, :bc]
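Review bot: `plug :allow_bc_frame` in the `:browser` pipeline (second hunk) applies the `x-frame-options` removal and the `frame-ancestors 'self' https://bigcommerce.com` policy to every route piped through `:browser`, whereas the code removed in the first hunk applied it only on the settings page and only on the branch where the `:bc` session flag check had already passed, so every other browser page, login and other forms included, now becomes framable by that origin. `put_resp_header/3` also replaces any `Content-Security-Policy` the conn already carries, and `default-src 'self'` now governs the whole site, which may block external scripts, styles or fonts on pages that had no CSP before — worth confirming against the templates. Since the router already has a `:bc` pipeline (`pipe_through [:browser, :bc]`), the plug fits better there, or the third hunk's `allow_bc_frame/2` could keep the original gate, e.g. `defp allow_bc_frame(conn, _opts) do` / `if get_session(conn, :bc), do: relax_framing(conn), else: conn` / `end`, with the header manipulation moved into a private `relax_framing/1` (this presumes `:fetch_session` runs earlier in the pipeline, as `:fetch_flash` suggests). The third hunk's last context line falls outside this excerpt.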