add xframe options

2022-11-15 13:29:16 +01:00 · 2022-11-15 13:29:16 +01:00 · 6a93603994
parent 492b9127e5
commit 6a93603994
2 changed files with 5 additions and 1 deletions
--- a/.env.sample
+++ b/.env.sample
@ -10,4 +10,4 @@ LETS_ENCRYPT_ENV=production
 SECRET_DB_PASSWORD_VERSION=v1

 RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app']
-
+X_FRAME_OPTIONS_ALLOW_FROM=none
--- a/compose.yml
+++ b/compose.yml
@ -81,6 +81,7 @@ services:
    environment:
      - NGINX_SERVER_SCHEME=https
      - RAILS_TRUSTED_PROXIES
+      - X_FRAME_OPTIONS_ALLOW_FROM
    deploy:
      restart_policy:
        condition: on-failure
@ -90,6 +91,9 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-frameOptions"
+        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=allow-from *.local-it.cloud"
+        - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"