external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing

This commit is contained in:
Michael Kroes 2016-03-13 18:40:02 +01:00
parent e343061cf4
commit 44705a32b7
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/nginx-primaryonly.conf
View File

@ -6,7 +6,9 @@
location /admin/ {
proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
}
# ownCloud configuration.