From 6b8fdc1a989c46d093d901177469411079bba071 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Fri, 31 Aug 2018 22:37:49 -0400
Subject: [PATCH] add X-Frame-Options specifically
---
 util/Nginx/security-headers.conf | 1 -
 util/Setup/Templates/NginxConfig.hbs | 6 ++++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/util/Nginx/security-headers.conf b/util/Nginx/security-headers.conf
index 3f1c79f89..c23d1b497 100644
--- a/util/Nginx/security-headers.conf
+++ b/util/Nginx/security-headers.conf
@@ -1,4 +1,3 @@
 add_header Referrer-Policy same-origin;
-add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
\ No newline at end of file
diff --git a/util/Setup/Templates/NginxConfig.hbs b/util/Setup/Templates/NginxConfig.hbs
index e622ca1b8..c756fd914 100644
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@@ -55,6 +55,7 @@ server {
 {{/if}}
 include /etc/nginx/security-headers.conf;
 add_header Content-Security-Policy "{{{ContentSecurityPolicy}}}";
+ add_header X-Frame-Options SAMEORIGIN;
 }
 location = /app-id.json {
@@ -103,5 +104,10 @@ server {
 location /admin {
 proxy_pass http://admin:5000;
+{{#if Ssl}}
+ include /etc/nginx/security-headers-ssl.conf;
+{{/if}}
+ include /etc/nginx/security-headers.conf;
+ add_header X-Frame-Options SAMEORIGIN;
 }
 }
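Review bot: In the `@@ -55,6 +55,7 @@` hunk of util/Setup/Templates/NginxConfig.hbs, the added `add_header X-Frame-Options SAMEORIGIN;` is sent only on the success and redirect status codes that nginx's add_header covers by default, so proxied 4xx/5xx responses leave without it. `add_header X-Frame-Options SAMEORIGIN always;` (nginx 1.7.5 or later) closes that gap, and the same applies to the line added under `location /admin` in the next hunk. Since the header was also removed from security-headers.conf, any other location that only includes that file (for example `location = /app-id.json`, whose body is outside the hunk) presumably stops sending it. If that is intended, a comment such as `# X-Frame-Options is set per location on purpose; it is not in security-headers.conf` above the new line would record the decision.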
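Review bot: In the `@@ -103,5 +104,10 @@` hunk, `location /admin` now gets the shared security headers and X-Frame-Options but, unlike the root location in the previous hunk, no Content-Security-Policy, so the admin portal relies on the legacy header alone for framing control and gets no CSP from nginx. If the web vault's `{{{ContentSecurityPolicy}}}` value does not fit the admin app, a minimal `add_header Content-Security-Policy "frame-ancestors 'self'";` after the new X-Frame-Options line would give the current equivalent of SAMEORIGIN. Whether the admin service already sets its own CSP is not visible here, and a second Content-Security-Policy header would be enforced in addition to it, so check the upstream response before adding one.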