mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-26 02:57:04 +00:00
Never allow admin panel to be inside a frame, use both modern and old headers. Also set no content sniffing
This commit is contained in:
parent
e343061cf4
commit
44705a32b7
@ -6,7 +6,9 @@
|
|||||||
location /admin/ {
|
location /admin/ {
|
||||||
proxy_pass http://127.0.0.1:10222/;
|
proxy_pass http://127.0.0.1:10222/;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
add_header X-Frame-Options "DENY";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header Content-Security-Policy "frame-ancestors 'none';";
|
||||||
}
|
}
|
||||||
|
|
||||||
# ownCloud configuration.
|
# ownCloud configuration.
|
||||||
|
Loading…
Reference in New Issue
Block a user