Closed lolcatw closed 2 hours ago
Nevermind, I just found out how by digging around in the codebase:
ws_server.on("headers", function(headers){
headers.push("Content-Security-Policy: frame-ancestors 'none'");
headers.push("X-Frame-Options: DENY");
});
This will send headers from the server to the client.
Is there an existing issue for this?
Description
I've been looking all around for ways to do this. I have a websocket SERVER running. I perform the upgrade and all goes well. But there is one problem, the headers are hardcoded as this
I wish I could set additional headers like frame options to prevent cross site requests. Can someone help?
ws version
8.18.0
Node.js Version
v18.19.0