diff --git a/lib/browserid/views.js b/lib/browserid/views.js
index 9380f9b5ddc22723e033ecc6445029e17c629487..cf69215d5eaacf51a9b849b0c693409ce00108eb 100644
--- a/lib/browserid/views.js
+++ b/lib/browserid/views.js
@@ -41,6 +41,20 @@ function renderCachableView(req, res, template, options) {
 }
 exports.setup = function(app) {
+
+ // Issue#1353 This is kind of dirty, but this is our last chance
+ // to fixup headers for an ETag cache hit
+ // x-frame-options - Allow these to be run within a frame
+ app.use(function (req, resp, next) {
+ if (req.path === '/communication_iframe') {
+ resp.removeHeader('x-frame-options');
+ } else if (req.path === '/relay') {
+ res.removeHeader('x-frame-options');
+ }
+ next();
+ });
+
+ // Caching for dynamic resources
 app.use(etagify());
 app.set("views", VIEW_PATH);
@@ -77,7 +91,7 @@ exports.setup = function(app) {
 });
 app.get('/communication_iframe', function(req, res, next ) {
- res.removeHeader('x-frame-options');
+
 renderCachableView(req, res, 'communication_iframe.ejs', {
 layout: false,
 production: config.get('use_minified_resources')
@@ -94,8 +108,6 @@ exports.setup = function(app) {
 // Used for a relay page for communication.
 app.get("/relay", function(req, res, next) {
- // Allow the relay to be run within a frame
- res.removeHeader('x-frame-options');
 renderCachableView(req, res, 'relay.ejs', {
 layout: false,
 production: config.get('use_minified_resources')
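Review bot: In the `/relay` branch of the new middleware the call is `res.removeHeader('x-frame-options');`, but the callback's parameter is named `resp` and no `res` is visible in `exports.setup`'s scope in this hunk, so that branch would presumably raise a ReferenceError instead of clearing the header. Both branches do the same thing, so they can be folded into one exact-match check: `if (req.path === '/communication_iframe' || req.path === '/relay') { resp.removeHeader('x-frame-options'); }`. Keep the comparison an exact match on those two paths so that every other route retains its framing protection. A test that requests `/relay` twice (the second being an ETag hit) and asserts the header is absent both times would pin the behaviour this commit is after. `exports.setup` continues outside the hunk.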