From be349ec9d92f564dad17251a7af286da8dad8089 Mon Sep 17 00:00:00 2001
From: video-prize-ranch <cb.8a3w5@simplelogin.co>
Date: Sat, 16 Jul 2022 16:02:59 -0400
Subject: [PATCH] Allow embedding embeds

---
 pages/frontpage.go  | 1 +
 pages/post.go       | 1 +
 pages/tag.go        | 1 +
 pages/user.go       | 1 +
 utils/setHeaders.go | 1 -
 5 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/pages/frontpage.go b/pages/frontpage.go
index cf992ad..9321fd6 100644
--- a/pages/frontpage.go
+++ b/pages/frontpage.go
@@ -9,6 +9,7 @@ import (
 
 func HandleFrontpage(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
+	c.Set("X-Frame-Options", "DENY")
 	c.Set("Cache-Control", "public,max-age=31557600")
 	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 
diff --git a/pages/post.go b/pages/post.go
index 4a41358..6a241d7 100644
--- a/pages/post.go
+++ b/pages/post.go
@@ -11,6 +11,7 @@ import (
 
 func HandlePost(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
+	c.Set("X-Frame-Options", "DENY")
 	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 
 	post, err := types.Album{}, error(nil)
diff --git a/pages/tag.go b/pages/tag.go
index 1288f9f..a99c3e4 100644
--- a/pages/tag.go
+++ b/pages/tag.go
@@ -10,6 +10,7 @@ import (
 
 func HandleTag(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
+	c.Set("X-Frame-Options", "DENY")
 	c.Set("Cache-Control", "public,max-age=604800")
 	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; media-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 
diff --git a/pages/user.go b/pages/user.go
index 85538b2..9a59c74 100644
--- a/pages/user.go
+++ b/pages/user.go
@@ -12,6 +12,7 @@ import (
 
 func HandleUser(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
+	c.Set("X-Frame-Options", "DENY")
 	c.Set("Cache-Control", "public,max-age=604800")
 	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 
diff --git a/utils/setHeaders.go b/utils/setHeaders.go
index 4c6f89c..cff477a 100644
--- a/utils/setHeaders.go
+++ b/utils/setHeaders.go
@@ -3,7 +3,6 @@ package utils
 import "github.com/gofiber/fiber/v2"
 
 func SetHeaders(c *fiber.Ctx) {
-	c.Set("X-Frame-Options", "DENY")
 	c.Set("Referrer-Policy", "no-referrer")
 	c.Set("X-Content-Type-Options", "nosniff")
 	c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")