bendodroid/nix-infra
1
0
Fork 0
forked from CCCHH/nix-infra
Code Pull requests Activity

Change Content-Security-Policy "frame-ancestors" to "self"

Browse source 
This allows for downloading files as the download button
spawns an iframe when clicking it.
This commit is contained in:
yuri 2023-10-07 05:41:12 +02:00 committed by Jannes Grzebien
parent c3a9e56437
commit 3ee198bc10
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
View file

@ -11,7 +11,7 @@ let
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'"; add_header Content-Security-Policy "frame-ancestors 'self'";
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
''; '';