From ed79906d7d03609e95a127ed1967ad2d533bfc26 Mon Sep 17 00:00:00 2001
From: hoellen <dev@hoellen.eu>
Date: Thu, 26 Sep 2019 13:23:21 +0200
Subject: [PATCH] add X-Frame-Options header to nginx conf

---
 nextcloud/rootfs/nginx/sites-enabled/nginx.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf
index 8620e93..7331a00 100644
--- a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf
+++ b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf
@@ -8,6 +8,7 @@ server {
         add_header Referrer-Policy "no-referrer" always;
         add_header X-Content-Type-Options "nosniff" always;
         add_header X-Download-Options "noopen" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
         add_header X-Permitted-Cross-Domain-Policies "none" always;
         add_header X-Robots-Tag "none" always;
         add_header X-XSS-Protection "1; mode=block" always;
@@ -69,6 +70,7 @@ server {
             add_header Referrer-Policy "no-referrer" always;
             add_header X-Content-Type-Options "nosniff" always;
             add_header X-Download-Options "noopen" always;
+            add_header X-Frame-Options "SAMEORIGIN" always;
             add_header X-Permitted-Cross-Domain-Policies "none" always;
             add_header X-Robots-Tag "none" always;
             add_header X-XSS-Protection "1; mode=block" always;