From e3dbdf7aa70b8adc2655fd7c020999b2e6010375 Mon Sep 17 00:00:00 2001
From: Salim Kanoun
Date: Sun, 1 Sep 2024 17:11:12 +0200
Subject: [PATCH] add xframe options and more limited cors allowance
---
 GaelO2/config/cors.php | 2 +-
 nginx.conf | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/GaelO2/config/cors.php b/GaelO2/config/cors.php
index f66461c9e..5d17690b0 100644
--- a/GaelO2/config/cors.php
+++ b/GaelO2/config/cors.php
@@ -19,7 +19,7 @@
 'allowed_methods' => ['*'],
- 'allowed_origins' => ['*'],
+ 'allowed_origins' => ['*.gaelo.fr', '*.pixilib.fr'],
 'allowed_origins_patterns' => ['*'],
diff --git a/nginx.conf b/nginx.conf
index 8d4214ffb..91394dd9b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -50,6 +50,7 @@ http {
 server_tokens off;
 add_header X-Content-Type-Options "nosniff" always;
 add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Frame-Options "SAMEORIGIN";
 root /var/www/public;
 index index.php;
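Review bot: The unchanged `'allowed_origins_patterns' => ['*'],` line directly below the new `allowed_origins` value needs to be reviewed with it. Laravel's CORS configuration documents those entries as regular expressions passed to `preg_match`, and a bare `*` is not a valid pattern, so once the allow-all origin is gone this entry may raise an error or match unexpectedly; `'allowed_origins_patterns' => [],` looks like the intended value. The wildcard entries `*.gaelo.fr` and `*.pixilib.fr` do not pin the scheme and presumably do not cover the apex domains, so confirm whether plain-http origins should be accepted and whether `gaelo.fr` itself is needed. The rest of the config array, including any credentials setting, is outside the hunk.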
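Review bot: The new `add_header X-Frame-Options "SAMEORIGIN";` omits the `always` flag that the two headers above it carry, so nginx will not send it on error responses (4xx/5xx) and those pages stay frameable; use `add_header X-Frame-Options "SAMEORIGIN" always;`. nginx inherits `add_header` from this level only when a nested `location` defines no `add_header` of its own, so any such location outside this hunk would need the header repeated. A `Content-Security-Policy` header with `frame-ancestors 'self'` is the current equivalent and could be sent alongside it. The enclosing block continues outside the hunk.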