From 3331d1aa13433ead00a2ee53dc0e12b1414839e7 Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Fri, 15 Jul 2016 11:26:05 +0200
Subject: [PATCH] Ensure the X-Frame-Options header has a single string
 argument

---
 setup/start/nginx/appconfig.ejs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/start/nginx/appconfig.ejs b/setup/start/nginx/appconfig.ejs
index 8aeb11732..f4f99c457 100644
--- a/setup/start/nginx/appconfig.ejs
+++ b/setup/start/nginx/appconfig.ejs
@@ -25,7 +25,7 @@ server {
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
-    add_header X-Frame-Options <%= xFrameOptions %>;
+    add_header X-Frame-Options "<%= xFrameOptions %>";
 
     proxy_http_version 1.1;
     proxy_intercept_errors on;