diff --git a/GaelO2/config/cors.php b/GaelO2/config/cors.php
index f66461c9..5d17690b 100644
--- a/GaelO2/config/cors.php
+++ b/GaelO2/config/cors.php
@@ -19,7 +19,7 @@
 'allowed_methods' => ['*'],
- 'allowed_origins' => ['*'],
+ 'allowed_origins' => ['*.gaelo.fr', '*.pixilib.fr'],
 'allowed_origins_patterns' => ['*'],
diff --git a/nginx.conf b/nginx.conf
index 8d4214ff..91394dd9 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -50,6 +50,7 @@ http {
 server_tokens off;
 add_header X-Content-Type-Options "nosniff" always;
 add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Frame-Options "SAMEORIGIN";
 root /var/www/public;
 index index.php;
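Review bot: The tightening on the `+` line is undercut by the unchanged `'allowed_origins_patterns' => ['*']` on the next context line: if this is the fruitcake/laravel-cors config, as the key names suggest, that list holds PCRE regexes, and a bare `'*'` is not a valid pattern (it would be read as the delimiter), so depending on the library version it either never matches or triggers a warning on every request whose origin is not in the allow-list; it should become `'allowed_origins_patterns' => [],` if the two wildcard entries are meant to be the whole allow-list. Note also that the library turns `*.gaelo.fr` into a regex equivalent to `.*\.gaelo\.fr`, which matches any subdomain but not the apex `https://gaelo.fr`, so add the apex as an explicit entry if the front end is served from it. The rest of the options array, including any `supports_credentials` setting that interacts with this list, lies outside the hunk.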
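Review bot: The added `X-Frame-Options` line omits the `always` flag that the two sibling `add_header` lines carry, so nginx attaches it only to 2xx/3xx responses and error pages (4xx/5xx) remain frameable; change it to `add_header X-Frame-Options "SAMEORIGIN" always;`. Also bear in mind that `add_header` is not merged across levels — any `server` or `location` block that declares its own `add_header` silently drops every header set here — and that `frame-ancestors` in a Content-Security-Policy is the current replacement for X-Frame-Options, so `add_header Content-Security-Policy "frame-ancestors 'self'" always;` beside it would cover browsers that ignore the legacy header. The enclosing `http {}` block continues outside the hunk.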