Add X-Frame-Options header to avoid ability to embed websites in iframes

pull/152/head
Clement Michaud 2017-10-15 18:03:18 +02:00
parent 0b33982701
commit 056565a968
1 changed files with 7 additions and 0 deletions


@ -31,6 +31,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location / { location / {
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;
@ -61,6 +62,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
} }
server { server {
@ -74,6 +76,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location /auth_verify { location /auth_verify {
internal; internal;
@ -130,6 +133,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location /auth_verify { location /auth_verify {
internal; internal;
@ -169,6 +173,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location /auth_verify { location /auth_verify {
internal; internal;
@ -208,6 +213,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location /auth_verify { location /auth_verify {
internal; internal;
@ -247,6 +253,7 @@ http {
ssl_certificate_key /etc/ssl/server.key; ssl_certificate_key /etc/ssl/server.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location /auth_verify { location /auth_verify {
internal; internal;
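Review bot: Each added `add_header X-Frame-Options "SAMEORIGIN";` line omits the `always` parameter that the Strict-Transport-Security line directly above it uses. Without it, nginx attaches the header only to its default set of success and redirect status codes, so 4xx/5xx responses (for example error pages served during the auth flow) can still be framed. Suggest `add_header X-Frame-Options "SAMEORIGIN" always;` in all seven server blocks. Separately, nginx inherits `add_header` from the server level only when the location defines no `add_header` of its own. The location bodies lie outside the visible hunks, so it is worth confirming that none of them sets its own headers and thereby drops this one. A short comment such as `# clickjacking protection: only same-origin pages may frame this site` above the directive would also record why it is there.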