...
request - the HTTP request object, which can be read to conditionally change headers.
response - the HTTP response object before it gets sent to the client.
The module is loaded upon server startup and cached like any Node.js module.
Example 1
config.js setting:
Code Block | ||
---|---|---|
| ||
// Remove headers that prevent Rich Display sessions from loading inside of an iframe. customHttpHeaders: function(request, response) { response.removeHeader("X-Frame-Options"); response.removeHeader("Content-Security-Policy"); } |
...
Content of customHttpHeaders.js:
Code Block | ||
---|---|---|
| ||
module.exports = function(request, response) { response.removeHeader("X-Frame-Options");// Allow pages to be inside of iframes if the parent iframe is the same PJS server. response.removeHeadersetHeader("Content-Security-Policy", "frame-ancestors " + profound.settings.host); }; |
Click here for information on how to modify this setting.
customHttpHeaders is available in Profound.js versions after 7.4.0.