nginx set x-frame-options to sameorigin

2026-03-10 10:08:00 +02:00 · 2026-03-10 10:08:00 +02:00 · 0bdc2fc68c
commit 0bdc2fc68c
parent 295f9d4696
1 changed files with 1 additions and 1 deletions
--- a/config/http/default.nix
+++ b/config/http/default.nix
@ -38,7 +38,7 @@ in {
      more_set_headers 'Strict-Transport-Security: $hsts_header';
      more_set_headers 'Content-Security-Policy: upgrade-insecure-requests';
      more_set_headers 'Referrer-Policy: origin-when-cross-origin';
-      more_set_headers 'X-Frame-Options: DENY';
+      more_set_headers 'X-Frame-Options: SAMEORIGIN';
      more_set_headers 'X-Content-Type-Options: nosniff';
      more_set_headers 'X-XSS-Protection: 0';
    '';