Handling Edge Cases
Legitimate iframe usage scenarios:
- Social media embeds
- Payment gateway integrations
- Customer support chat widgets
- Analytics and monitoring tools
- Embedded maps and videos
Solution for mixed requirements:
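```javascript
const express = require('express');
const app = express();

// Routes that are meant to be embedded in an iframe on other sites.
const frameableRoutes = [
  '/widgets/chat',
  '/embed/video/*',
  '/public/map'
];

app.use((req, res, next) => {
  // Match the request path against each route; '*' acts as a wildcard.
  const isFrameable = frameableRoutes.some(route => {
    const regex = new RegExp('^' + route.replace(/\*/g, '.*') + '$');
    return regex.test(req.path);
  });

  // All other routes may only be framed by pages on the same origin.
  if (!isFrameable) {
    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
  }
  next();
});
```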
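An added example (not from the original page) that goes one step beyond the snippet above: rather than leaving the embeddable routes frameable by any origin, it limits each one with the CSP `frame-ancestors` directive. The partner origins and the names `framePolicy`, `compileRoute`, `framingHeaders` and `framingMiddleware` are assumptions made for illustration.

```javascript
// Constructed policy: which origins may frame each embeddable route.
const framePolicy = [
  { route: '/widgets/chat',  ancestors: ['https://partner.example'] },
  { route: '/embed/video/*', ancestors: ['https://partner.example', 'https://blog.example'] },
  { route: '/public/map',    ancestors: ['*'] } // intentionally embeddable anywhere
];

// Compile a route into an anchored regex: escape regex metacharacters first,
// then turn '*' into a wildcard.
function compileRoute(route) {
  const escaped = route.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

// Compile once at startup instead of on every request.
const compiled = framePolicy.map(p => ({ re: compileRoute(p.route), ancestors: p.ancestors }));

// Return the framing-related response headers for a request path.
function framingHeaders(path) {
  const match = compiled.find(p => p.re.test(path));
  if (!match) {
    // Default: same-origin framing only, expressed in both header forms.
    return {
      'X-Frame-Options': 'SAMEORIGIN',
      'Content-Security-Policy': "frame-ancestors 'self'"
    };
  }
  // X-Frame-Options cannot express an origin allowlist, so only CSP is sent.
  return { 'Content-Security-Policy': 'frame-ancestors ' + match.ancestors.join(' ') };
}

// Express-style middleware built on the function above.
function framingMiddleware(req, res, next) {
  for (const [name, value] of Object.entries(framingHeaders(req.path))) {
    res.setHeader(name, value);
  }
  next();
}
```

`res.setHeader` replaces any `Content-Security-Policy` value set earlier in the chain, so an application that already sends a CSP should merge `frame-ancestors` into that policy instead.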