Skip to content

Commit

Permalink
add xframe options and more limited cors allowance
Browse files Browse the repository at this point in the history
  • Loading branch information
salimkanoun committed Sep 1, 2024
1 parent 99f3458 commit e3dbdf7
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion GaelO2/config/cors.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@

'allowed_methods' => ['*'],

'allowed_origins' => ['*'],
'allowed_origins' => ['*.gaelo.fr', '*.pixilib.fr'],

'allowed_origins_patterns' => ['*'],

Expand Down
1 change: 1 addition & 0 deletions nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ http {
server_tokens off;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN";

root /var/www/public;
index index.php;
Expand Down

0 comments on commit e3dbdf7

Please sign in to comment.