Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing

This commit is contained in:
Michael Kroes 2016-03-13 18:40:02 +01:00
parent e343061cf4
commit 44705a32b7

View file

@ -6,7 +6,9 @@
location /admin/ {
proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
}
# ownCloud configuration.