Change Content-Security-Policy "frame-ancestors" to "self"
This allows for downloading files as the download button spawns an iframe when clicking it.
This commit is contained in:
parent
c3a9e56437
commit
3ee198bc10
|
@ -11,7 +11,7 @@ let
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in a new issue