fix frame ancestors

This commit is contained in:
Philipp Rothmann 2022-10-11 16:12:04 +02:00
parent e76454c4fd
commit 2be42d0a84
1 changed files with 1 additions and 2 deletions

View File

@ -67,8 +67,7 @@ http {
add_header X-XSS-Protection "1; mode=block" always;
{{ if eq (env "X_FRAME_OPTIONS_ENABLED") "1" }}
add_header X-Frame-Options "{{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}" always;
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }}";
add_header Content-Security-Policy "frame-ancestors {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} {{ env "DOMAIN" }}";
{{ else }}
add_header X-Frame-Options "SAMEORIGIN" always;
{{ end }}