mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing
This commit is contained in:
parent
e343061cf4
commit
44705a32b7
@ -6,7 +6,9 @@
|
||||
location /admin/ {
|
||||
proxy_pass http://127.0.0.1:10222/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Content-Security-Policy "frame-ancestors 'none';";
|
||||
}
|
||||
|
||||
# ownCloud configuration.
|
||||
|
Loading…
Reference in New Issue
Block a user