Commit 06c66298 authored by Nicolas Pernoud's avatar Nicolas Pernoud

fix: added X-Frame-Options header to WebSecurity middleware

parent 2e3e05a9
......@@ -54,7 +54,7 @@ func (s webSecurityWriter) WriteHeader(code int) {
}
// Set the resulting CSP Header
s.w.Header().Set("Content-Security-Policy", cspHeader)
//s.w.Header().Set("X-Frame-Options", "SAMEORIGIN") // Works fine with chrome but is not obsoleted by frame-src in firefox 72.0.2
s.w.Header().Set("X-Frame-Options", "SAMEORIGIN")
s.w.Header().Set("X-XSS-Protection", "1; mode=block")
s.w.Header().Set("Referrer-Policy", "strict-origin")
s.w.Header().Set("X-Content-Type-Options", "nosniff")
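Review bot: The now-active `s.w.Header().Set("X-Frame-Options", "SAMEORIGIN")` line (assuming the uncommented copy is the new side) replaces the only comment that explained this header's history and leaves nothing saying how it relates to the CSP built just above. X-Frame-Options controls who may frame this response, which in CSP terms is `frame-ancestors`, not the `frame-src` named in the old comment. Whether `cspHeader` already carries a `frame-ancestors` directive cannot be seen here, because WriteHeader starts outside the hunk. I would add a comment such as `// Legacy anti-clickjacking header for browsers that ignore CSP frame-ancestors; keep in sync with cspHeader` and, if the policy lacks it, add `frame-ancestors 'self'` so both mechanisms agree. Since `Set` overwrites any X-Frame-Options value the wrapped handler already wrote, it is also worth confirming that no served application is meant to be embedded from another origin.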
......
......@@ -42,7 +42,7 @@
</div>
<div class="navbar-menu">
<div class="navbar-end">
<div class="navbar-item"><p>v4.3.6</p></div>
<div class="navbar-item"><p>v4.3.7</p></div>
</div>
</div>
</nav>
......