From ecdcbb9219bdde7d1b3b129074b1969296c44a26 Mon Sep 17 00:00:00 2001
From: Chinmay Pai
Date: Thu, 7 Mar 2019 17:22:09 +0530
Subject: [PATCH] fix: add x-frame-origin to prevent clickjacking
---
 bench/config/templates/nginx.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/bench/config/templates/nginx.conf b/bench/config/templates/nginx.conf
index 36aa724b..629dad3c 100644
--- a/bench/config/templates/nginx.conf
+++ b/bench/config/templates/nginx.conf
@@ -34,6 +34,8 @@ server {
 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
 ssl_prefer_server_ciphers on;
 {% endif %}
+
+ add_header X-Frame-Options "SAMEORIGIN";
 location /assets {
 try_files $uri =404;
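Review bot: The added `add_header X-Frame-Options "SAMEORIGIN";` at server level will not reach every response: without the `always` parameter nginx attaches the header only to a fixed set of success and redirect status codes, so 4xx/5xx error pages are still served without it. I would write `add_header X-Frame-Options "SAMEORIGIN" always;` (supported from nginx 1.7.5). nginx also inherits `add_header` from the server level only into locations that declare no `add_header` of their own, and the location bodies, starting with `location /assets`, continue outside this hunk, so any location in the template that sets its own headers would need the line repeated; that is worth checking. For current browsers `add_header Content-Security-Policy "frame-ancestors 'self'" always;` is the standards-track equivalent and can be sent alongside the legacy header.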