mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-26 02:57:04 +00:00

Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing

Michael Kroes 2016-03-13 18:40:02 +01:00
parent e343061cf4
commit 44705a32b7


@ -6,7 +6,9 @@
location /admin/ { location /admin/ {
proxy_pass http://127.0.0.1:10222/; proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
} }
# ownCloud configuration. # ownCloud configuration.
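Review bot: The three `add_header` lines in `location /admin/` take effect only on success and redirect responses, so an error page proxied from the admin backend (a 401 or 500, for example) would go out without the framing and nosniff protections. Where the deployed nginx supports it, add the `always` parameter, e.g. `add_header X-Frame-Options "DENY" always;`, and do the same for the other two headers. nginx also inherits `add_header` from the enclosing level only when the current block defines none, so any headers set at server level (not visible in this hunk) are not applied under /admin/ and would need to be repeated here. A short comment such as `# X-Frame-Options for older browsers, CSP frame-ancestors for current ones; keep both` would record why two overlapping headers are set.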