Revert too restrictive CORS for now

2025-08-03 11:28:21 -04:00 · 2024-11-10 15:24:12 +00:00 · 2024-11-10 15:24:12 +00:00 · 646b9de6ca
commit 646b9de6ca
parent 00b8e50fc9
1 changed files with 2 additions and 2 deletions
--- a/main.cjs
+++ b/main.cjs
@ -218,7 +218,7 @@ app.whenReady().then(() => {
    // Add security headers
    server.use((req, res, next) => {
        res.setHeader('X-Content-Type-Options', 'nosniff');
-        res.setHeader('X-Frame-Options', 'DENY');
+        // res.setHeader('X-Frame-Options', 'SAMEORIGIN');
        res.setHeader('X-XSS-Protection', '1; mode=block');
        // We already set the CSP in the HTML file and in the SErviceWorker...
        // res.setHeader('Content-Security-Policy', "default-src 'self'");
@ -237,7 +237,7 @@ app.whenReady().then(() => {
            app.quit();
            return;
        }
-        expressServer = server.listen(port, '127.0.0.1', () => {
+        expressServer = server.listen(port, () => {
            console.log(`Server running on port ${port}`);
            // Create the new window
            createWindow();