external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-25 02:47:04 +00:00
Code Issues Releases Wiki Activity

hotfix merge #755 - Prevent click jacking of the management interface

Browse Source
This commit is contained in:
Joshua Tauberer 2016-03-23 16:53:48 -04:00
parent 7fa9baf308
commit aa1fdaddaf
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -4,6 +4,10 @@ CHANGELOG
In Development In Development
-------------- --------------
Control panel:
* Prevent click-jacking of the management interface by adding HTTP headers.
Setup: Setup:
* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows. * Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.

3
conf/nginx-primaryonly.conf
View File

@ -6,6 +6,9 @@
location /admin/ { location /admin/ {
proxy_pass http://127.0.0.1:10222/; proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
} }
# ownCloud configuration. # ownCloud configuration.