Ensure the X-Frame-Options header has a single string argument

2016-07-15 11:26:05 +02:00
parent ae35c20227
commit 3331d1aa13
1 changed files with 1 additions and 1 deletions
--- a/setup/start/nginx/appconfig.ejs
+++ b/setup/start/nginx/appconfig.ejs
@@ -25,7 +25,7 @@ server {
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
-    add_header X-Frame-Options <%= xFrameOptions %>;
+    add_header X-Frame-Options "<%= xFrameOptions %>";

    proxy_http_version 1.1;
    proxy_intercept_errors on;