nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-08 22:58:11 -05:00
Code

enabled X-Frame-Options header

Browse Source
This commit is contained in:
Kyle Spearrin 2018-08-31 12:16:36 -04:00
parent d4c35a98b7
commit 566471cae8
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
util/Setup/Templates/NginxConfig.hbs
View File

@ -47,7 +47,7 @@ server {
# Security headers # Security headers
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
#add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
{{#if Ssl}} {{#if Ssl}}
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age
@ -67,6 +67,16 @@ server {
add_header Content-Type $fido_content_type; add_header Content-Type $fido_content_type;
} }
location = /duo-connector.html {
proxy_pass http://web:5000/duo-connector.html;
proxy_hide_header X-Frame-Options;
}
location = /u2f-connector.html {
proxy_pass http://web:5000/u2f-connector.html;
proxy_hide_header X-Frame-Options;
}
location /attachments/ { location /attachments/ {
proxy_pass http://attachments:5000/; proxy_pass http://attachments:5000/;
} }