Commit aa1fdadd authored by Joshua Tauberer's avatar Joshua Tauberer

hotfix merge #755 - Prevent click jacking of the management interface

parent 7fa9baf3
......@@ -4,6 +4,10 @@ CHANGELOG
In Development
--------------
Control panel:
* Prevent click-jacking of the management interface by adding HTTP headers.
Setup:
* Setup dialogs did not appear correctly when connecting to SSH using Putty on Windows.
......
......@@ -6,6 +6,9 @@
location /admin/ {
proxy_pass http://127.0.0.1:10222/;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
}
# ownCloud configuration.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment