From c7261cf507f7d0a96947ffa20017b7a22bbd4b5b Mon Sep 17 00:00:00 2001
From: Manuel Raynaud
Date: Thu, 19 Jun 2025 15:36:57 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(front)=20configure=20x-frame-optio?= =?UTF-8?q?ns=20to=20DENY=20in=20nginx=20conf=20(#1084)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The API has the response header x-frame-options configure to DENY and nothing is configure in the nginx configuring managing the frontend application. We want to have the same value. The header is added on all locations.
---
 CHANGELOG.md | 1 +
 src/frontend/apps/impress/conf/default.conf | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b3d9457e..dbfdb9c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to
 - ✨(frontend) add customization for translations #857
 - 📝(project) add troubleshoot doc #1066
 - 📝(project) add system-requirement doc #1066
+- 🔧(front) configure x-frame-options to DENY in nginx conf #1084
 ### Changed
diff --git a/src/frontend/apps/impress/conf/default.conf b/src/frontend/apps/impress/conf/default.conf
index 5fe19bc4..eb17e777 100644
--- a/src/frontend/apps/impress/conf/default.conf
+++ b/src/frontend/apps/impress/conf/default.conf
@@ -7,10 +7,14 @@ server {
 location / {
 try_files $uri index.html $uri/ =404;
+
+ add_header X-Frame-Options DENY always;
 }
 location ~ "^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$" {
 try_files $uri /docs/[id]/index.html;
+
+ add_header X-Frame-Options DENY always;
 }
 error_page 404 /404.html;
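Review bot: Repeating `add_header X-Frame-Options DENY always;` inside both `location` blocks of default.conf leaves any location added later without the header, and in nginx a `location` that declares its own `add_header` stops inheriting every `add_header` set at the `server` or `http` level. Declaring the directive once in the `server` block, outside the locations, would cover both locations shown here as long as no location defines its own `add_header`. Since `X-Frame-Options` is the legacy control, consider pairing it with `add_header Content-Security-Policy "frame-ancestors 'none'" always;`, after checking how that fits with any CSP the frontend already emits. The `server` block starts before and continues past this hunk, so whether other `add_header` lines exist at that level is not visible here.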