beenull/power-mailinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing

Browse source
This commit is contained in:
Michael Kroes 2016-03-13 18:40:02 +01:00
parent e343061cf4
commit 44705a32b7
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
conf/nginx-primaryonly.conf
View file

@ -6,7 +6,9 @@
location /admin/ { location /admin/ {
proxy_pass http://127.0.0.1:10222/; proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
} }
# ownCloud configuration. # ownCloud configuration.