From 90990cf318561d3d924d1b03198aeabe3ecb1a1d Mon Sep 17 00:00:00 2001
From: Austin King <shout@ozten.com>
Date: Wed, 28 Mar 2012 09:26:15 -0700
Subject: [PATCH] Extracting header removal logic to run before etagify
 middleware, fixes Issue#1353

---
 lib/browserid/views.js | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/browserid/views.js b/lib/browserid/views.js
index 9380f9b5d..cf69215d5 100644
--- a/lib/browserid/views.js
+++ b/lib/browserid/views.js
@@ -41,6 +41,20 @@ function renderCachableView(req, res, template, options) {
 }
 
 exports.setup = function(app) {
+
+  // Issue#1353 This is kind of dirty, but this is our last chance
+  // to fixup headers for an ETag cache hit
+  // x-frame-options - Allow these to be run within a frame
+  app.use(function (req, resp, next) {
+    if (req.path === '/communication_iframe') {
+      resp.removeHeader('x-frame-options');
+    } else if (req.path === '/relay') {
+      res.removeHeader('x-frame-options');
+    }
+    next();
+  });
+
+  // Caching for dynamic resources
   app.use(etagify());
 
   app.set("views", VIEW_PATH);
@@ -77,7 +91,7 @@ exports.setup = function(app) {
   });
 
   app.get('/communication_iframe', function(req, res, next ) {
-    res.removeHeader('x-frame-options');
+
     renderCachableView(req, res, 'communication_iframe.ejs', {
       layout: false,
       production: config.get('use_minified_resources')
@@ -94,8 +108,6 @@ exports.setup = function(app) {
 
   // Used for a relay page for communication.
   app.get("/relay", function(req, res, next) {
-    // Allow the relay to be run within a frame
-    res.removeHeader('x-frame-options');
     renderCachableView(req, res, 'relay.ejs', {
       layout: false,
       production: config.get('use_minified_resources')
-- 
GitLab