jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Remove X-Frame-Options

Browse Source 
This option is now obsolete in the standards and browsers are complaining.
This needs to move to be a CSP header but this is hard to do from outside
the app (since it has to be 'merged' with the app's existing CSP).

fixes #596
This commit is contained in:
Girish Ramakrishnan
2019-05-20 10:08:53 -07:00
parent 3fe539436b
commit 9d2f81d6b9
6 changed files with 8 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/reverseproxy.js
View File

@@ -392,7 +392,6 @@ function writeAdminNginxConfig(bundle, configFileName, vhost, callback) {
endpoint: 'admin',
certFilePath: bundle.certFilePath,
keyFilePath: bundle.keyFilePath,
xFrameOptions: 'SAMEORIGIN',
robotsTxtQuoted: JSON.stringify('User-agent: *\nDisallow: /\n')
};
var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
@@ -457,8 +456,7 @@ function writeAppNginxConfig(app, bundle, callback) {
endpoint: endpoint,
certFilePath: bundle.certFilePath,
keyFilePath: bundle.keyFilePath,
robotsTxtQuoted: app.robotsTxt ? JSON.stringify(app.robotsTxt) : null,
xFrameOptions: app.xFrameOptions || 'SAMEORIGIN' // once all apps have been updated/
robotsTxtQuoted: app.robotsTxt ? JSON.stringify(app.robotsTxt) : null
};
var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
@@ -487,8 +485,7 @@ function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {
endpoint: 'redirect',
certFilePath: bundle.certFilePath,
keyFilePath: bundle.keyFilePath,
robotsTxtQuoted: null,
xFrameOptions: 'SAMEORIGIN'
robotsTxtQuoted: null
};
var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);