From 646b9de6ca4a0e5bb92321fd3893d0c285252dd7 Mon Sep 17 00:00:00 2001
From: Jaifroid <egk10@cam.ac.uk>
Date: Sun, 10 Nov 2024 15:24:12 +0000
Subject: [PATCH] Revert too restrictive CORS for now

---
 main.cjs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.cjs b/main.cjs
index df4b8e1d..905d597a 100644
--- a/main.cjs
+++ b/main.cjs
@@ -218,7 +218,7 @@ app.whenReady().then(() => {
     // Add security headers
     server.use((req, res, next) => {
         res.setHeader('X-Content-Type-Options', 'nosniff');
-        res.setHeader('X-Frame-Options', 'DENY');
+        // res.setHeader('X-Frame-Options', 'SAMEORIGIN');
         res.setHeader('X-XSS-Protection', '1; mode=block');
         // We already set the CSP in the HTML file and in the SErviceWorker...
         // res.setHeader('Content-Security-Policy', "default-src 'self'");
@@ -237,7 +237,7 @@ app.whenReady().then(() => {
             app.quit();
             return;
         }
-        expressServer = server.listen(port, '127.0.0.1', () => {
+        expressServer = server.listen(port, () => {
             console.log(`Server running on port ${port}`);
             // Create the new window
             createWindow();