Replace obsoleted X-Frame-Options with frame-ancestors

This commit is contained in:
jcgoette 2021-05-24 19:33:42 -04:00
parent c261892de4
commit 0193780ad4
2 changed files with 1 additions and 2 deletions


@ -30,7 +30,6 @@ export default (domains, global) => {
const config = [];
config.push(['# security headers', '']);
config.push(['add_header X-Frame-Options', '"SAMEORIGIN" always']);
config.push(['add_header X-XSS-Protection', '"1; mode=block" always']);
config.push(['add_header X-Content-Type-Options', '"nosniff" always']);
config.push(['add_header Referrer-Policy', `"${global.security.referrerPolicy.computed}" always`]);
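Review bot: Dropping the unconditional `X-Frame-Options` push on line 14 ties clickjacking protection to the Content-Security-Policy option, which in this generator is a user-editable string that can be disabled or overridden with a policy lacking `frame-ancestors`, whereas the old header was emitted with `always` regardless of other settings. X-Frame-Options is superseded rather than obsolete: browsers without CSP Level 2 support ignore `frame-ancestors`, sending both is still widely recommended, and conforming browsers give `frame-ancestors` precedence when both are present, so keeping the header costs nothing. Consider retaining the push, or at least emitting it when CSP is off or its computed value has no `frame-ancestors`, e.g. `if (!global.security.contentSecurityPolicy.enabled || !global.security.contentSecurityPolicy.computed.includes('frame-ancestors')) config.push(['add_header X-Frame-Options', '"SAMEORIGIN" always']);` — the property shape is inferred from the `referrerPolicy.computed` access on line 17 and should be checked against the option definition. Independently, `X-XSS-Protection "1; mode=block"` on the next line is itself deprecated and the filter mode is reported to introduce issues of its own; the current guidance is to send `0` or omit it. The enclosing arrow function starts above this hunk.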


@ -161,7 +161,7 @@ THE SOFTWARE.
enabled: true,
},
contentSecurityPolicy: {
default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'',
default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';',
enabled: true,
},
serverTokens: {
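Review bot: The new `frame-ancestors 'self'` on line 26 becomes the only clickjacking control in the generated config (the commit removes X-Frame-Options in the other file), yet it lives inside a single user-editable default string, so anyone who customizes or disables the CSP silently loses the protection; a comment above `default:` would make that coupling explicit, e.g. `// frame-ancestors replaces the removed X-Frame-Options header; keep it (or an equivalent) when editing this policy`. Listing the directive explicitly is required here because `frame-ancestors` does not fall back to `default-src`, and it is only honoured in the HTTP header, not in a `<meta>` policy, which is consistent with emitting it via nginx `add_header`. The trailing `;` after `'self'` is harmless but inconsistent with the rest of the string; `; frame-ancestors 'self'` without it reads cleaner. Whether this object is the global default or a per-domain default cannot be told from the hunk; the enclosing object starts and ends outside it.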