Allow frame embedding in Gitea

coolneng 2021-07-20 15:58:06 +02:00
parent b498a9556a
commit 95c593c9eb
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
1 changed files with 2 additions and 6 deletions


@ -24,16 +24,12 @@
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame # Disable embedding as a frame, except from the same origin
add_header X-Frame-Options DENY; add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above)
add_header X-XSS-Protection "1; mode=block";
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
''; '';
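Review bot: The new `Content-Security-Policy` line does not quite match its comment: `frame-ancestors git.coolneng.duckdns.org` is a scheme-less host source rather than the same origin, and `frame-src` governs what the page may embed, not who may frame it. Dropping `X-Frame-Options` entirely also removes the clickjacking fallback for clients that ignore `frame-ancestors`, and without `always` nginx omits the header on error responses. I would write `add_header Content-Security-Policy "frame-src 'self'; frame-ancestors 'self'" always;` and keep `add_header X-Frame-Options SAMEORIGIN always;` beside it. The enclosing config string starts outside the hunk, so if it is shared by several virtual hosts (not visible here) the hard-coded Gitea hostname would let that host frame every other site, which `'self'` avoids.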