YunoHost-Apps/onlyoffice_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/onlyoffice_ynh.git synced 2024-09-03 19:56:11 +02:00
Code Issues Activity Actions

Properly set the iframing headers

Browse source 
- Use `more_set_headers` for the `X-Frame-Options: ALLOW-FROM`, because we actually need to replace the `SAMEORIGIN` option which is already set. Note that this directive is obsolete and is used only for old browser support purpose.
- Add an additional `Content-Security-Policy` header with the correct content. This header is the one checked by modern browsers (such as Firefox or Chrome) to allow iframing.
This commit is contained in:
curious-jeremy 2020-06-02 16:18:01 +02:00 committed by GitHub
parent 59a46b3c80
commit c82bf50708
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
conf/nginx.conf
View file

@ -10,5 +10,6 @@ location ^~ __PATH__/ {
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Options "ALLOW-FROM https://__NEXTCLOUDDOMAIN__" always; more_set_headers "X-Frame-Options: ALLOW-FROM https://__NEXTCLOUDDOMAIN__";
} add_header Content-Security-Policy "frame-ancestors __NEXTCLOUDDOMAIN__" always;
}