external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

hotfix merge #755 - Prevent click jacking of the management interface

This commit is contained in:
Joshua Tauberer 2016-03-23 16:53:48 -04:00
parent 7fa9baf308
commit aa1fdaddaf
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -4,6 +4,10 @@ CHANGELOG
In Development
--------------
Control panel:
* Prevent click-jacking of the management interface by adding HTTP headers.
Setup:
* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.

3
conf/nginx-primaryonly.conf
View File

@ -6,6 +6,9 @@
location /admin/ {
proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
}
# ownCloud configuration.