From 12aaebfc54972cab4edd990f1eec519535314a69 Mon Sep 17 00:00:00 2001
From: Jawad Seddar <jawad.seddar@gmail.com>
Date: Sat, 8 May 2021 14:25:33 +0200
Subject: [PATCH] `custom.yaml`: add support for X-Frame-Options header and
 proxy_redirect off (#1954)

---
 management/web_update.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/management/web_update.py b/management/web_update.py
index 83aa91bf..5048cbab 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -160,17 +160,27 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 			for path, url in yaml.get("proxies", {}).items():
 				# Parse some flags in the fragment of the URL.
 				pass_http_host_header = False
+				proxy_redirect_off = False
+				frame_options_header_sameorigin = False
 				m = re.search("#(.*)$", url)
 				if m:
 					for flag in m.group(1).split(","):
 						if flag == "pass-http-host":
 							pass_http_host_header = True
+						elif flag == "no-proxy-redirect":
+							proxy_redirect_off = True
+						elif flag == "frame-options-sameorigin":
+							frame_options_header_sameorigin = True
 					url = re.sub("#(.*)$", "", url)
 
 				nginx_conf_extra += "\tlocation %s {" % path
 				nginx_conf_extra += "\n\t\tproxy_pass %s;" % url
+				if proxy_redirect_off:
+					nginx_conf_extra += "\n\t\tproxy_redirect off;"
 				if pass_http_host_header:
 					nginx_conf_extra += "\n\t\tproxy_set_header Host $http_host;"
+				if frame_options_header_sameorigin:
+					nginx_conf_extra += "\n\t\tproxy_set_header X-Frame-Options SAMEORIGIN;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Host $http_host;"
 				nginx_conf_extra += "\n\t\tproxy_set_header X-Forwarded-Proto $scheme;"
@@ -251,3 +261,4 @@ def get_web_domains_info(env):
 		}
 		for domain in get_web_domains(env)
 	]
+