From 935948fa2b2eac606064c35ee15db7b8a46746a6 Mon Sep 17 00:00:00 2001
From: Chris Blankenship <chris@dscoduc.com>
Date: Tue, 26 Apr 2016 13:24:15 -0700
Subject: [PATCH] Added X-Frame-Options protection for nginx

---
 conf/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 0a08439e..9b6dfa63 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -43,5 +43,8 @@ server {
 	ssl_certificate $SSL_CERTIFICATE;
 	ssl_certificate_key $SSL_KEY;
 
+	# Add protection against clickjacking attacks by adding an X-Frame-Options
+	add_header X-Frame-Options "SAMEORIGIN";
+
 	# ADDITIONAL DIRECTIVES HERE
 }