mark obsolete X-Frame-Options header as such

This commit is contained in:
Daniel Micay 2021-06-18 05:34:44 -04:00
parent e5da30c9a6
commit 1cbd223eee

View File

@ -90,6 +90,7 @@ http {
include snippets/security-headers.conf;
add_header Content-Security-Policy "frame-ancestors 'none'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY";
location = / {
@ -101,6 +102,7 @@ http {
proxy_hide_header X-Frame-Options;
include snippets/security-headers.conf;
add_header Content-Security-Policy "frame-ancestors 'none'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY";
add_header X-Robots-Tag "none";
@ -128,6 +130,7 @@ http {
include snippets/security-headers.conf;
add_header Content-Security-Policy "frame-ancestors 'self'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Robots-Tag "none";
}