From b2d63b2383ffbfee72719677265258899f94e6c1 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Fri, 31 Aug 2018 17:02:49 -0400
Subject: [PATCH] reassign security headers
---
 util/Nginx/nginx.conf | 3 ---
 util/Setup/Templates/NginxConfig.hbs | 15 +++------------
 2 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/util/Nginx/nginx.conf b/util/Nginx/nginx.conf
index fd379fefa5..ac7e5c3fb1 100644
--- a/util/Nginx/nginx.conf
+++ b/util/Nginx/nginx.conf
@@ -140,9 +140,6 @@ http {
 map $uri $fido_content_type {
 default "application/fido.trusted-apps+json";
 }
-
- # Security headers
- include security-headers.conf;
 # Include files in the sites-enabled folder. server{} configuration files should be
 # placed in the sites-available folder, and then the configuration should be enabled
diff --git a/util/Setup/Templates/NginxConfig.hbs b/util/Setup/Templates/NginxConfig.hbs
index f103d9688d..e622ca1b89 100644
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@@ -46,42 +46,33 @@ server {
 include /etc/nginx/security-headers-ssl.conf;
 {{/if}}
+ include /etc/nginx/security-headers.conf;
 location / {
 proxy_pass http://web:5000/;
- include /etc/nginx/security-headers.conf;
 {{#if Ssl}}
 include /etc/nginx/security-headers-ssl.conf;
 {{/if}}
+ include /etc/nginx/security-headers.conf;
 add_header Content-Security-Policy "{{{ContentSecurityPolicy}}}";
 }
 location = /app-id.json {
 proxy_pass http://web:5000/app-id.json;
- include /etc/nginx/security-headers.conf;
 {{#if Ssl}}
 include /etc/nginx/security-headers-ssl.conf;
 {{/if}}
+ include /etc/nginx/security-headers.conf;
 proxy_hide_header Content-Type;
 add_header Content-Type $fido_content_type;
 }
 location = /duo-connector.html {
 proxy_pass http://web:5000/duo-connector.html;
- include /etc/nginx/security-headers.conf;
-{{#if Ssl}}
- include /etc/nginx/security-headers-ssl.conf;
-{{/if}}
- add_header X-Frame-Options "";
 }
 location = /u2f-connector.html {
 proxy_pass http://web:5000/u2f-connector.html;
- include /etc/nginx/security-headers.conf;
-{{#if Ssl}}
- include /etc/nginx/security-headers-ssl.conf;
-{{/if}}
- add_header X-Frame-Options "";
 }
 location /attachments/ {
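Review bot: The two connector locations (`/duo-connector.html`, `/u2f-connector.html`) lose their explicit `add_header X-Frame-Options "";` and now take whatever the server-level includes emit, so if `security-headers.conf` (not part of this patch) still sets X-Frame-Options, the browser will refuse to render the framed connector pages; that file should be checked before merging. The layout also depends on nginx's rule that a location declaring any `add_header` of its own inherits none from `server`, which is presumably why `/` and `/app-id.json` re-include both files while the connectors do not, and nothing in the template says so. I would put a comment above the new server-level include, for example `# add_header is not inherited by a location that sets its own; such locations must re-include both header files`, so that a later `add_header` in a location does not silently drop the headers from both files. The `server` block opens before this hunk and `location /attachments/` continues past it, so the remaining locations should be checked the same way.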