Changed iframe options

2025-08-29 15:06:26 +02:00 · 2025-03-20 04:31:02 +01:00
parent 87ca1ccc11
commit 0611ddda11
8 changed files with 15 additions and 14 deletions
--- a/roles/docker-nextcloud/templates/nginx/docker.conf.j2
+++ b/roles/docker-nextcloud/templates/nginx/docker.conf.j2
@@ -74,6 +74,7 @@ http {
        add_header X-Permitted-Cross-Domain-Policies    "none"                  always;
        add_header X-Robots-Tag                         "noindex, nofollow"     always;
        add_header X-XSS-Protection                     "1; mode=block"         always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
        {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}

        # Remove X-Powered-By, which is an information leak
--- a/roles/docker-peertube/templates/peertube.conf.j2
+++ b/roles/docker-peertube/templates/peertube.conf.j2
@@ -4,6 +4,9 @@ server {
  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}

  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+  
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
+  
  ##
  # Application
  ##
--- a/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2
@@ -1,4 +1,4 @@
-add_header X-Frame-Options "SAMEORIGIN" always;                                     # Allow iframe embedding only from the same origin
 {% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
-  add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always;  # Restrict embedding to the specified primary domain
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header Content-Security-Policy "frame-ancestors 'self' {{primary_domain}};" always;
 {% endif %}
--- a/roles/nginx-serve-assets/README.md
+++ b/roles/nginx-serve-assets/README.md
@@ -1,6 +1,2 @@
-# Nginx Homepage Role
-
-This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
-
-## Author Information
-This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
+# Assets Server
+This role provides assets
--- a/roles/nginx-serve-files/README.md
+++ b/roles/nginx-serve-files/README.md
@@ -1,6 +1,3 @@
-# Nginx Homepage Role
+# Nginx File Server

-This Ansible role configures an Nginx server to serve files. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
-
-## Author Information
-This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
+This Ansible role configures an Nginx server to serve files.
--- a/roles/nginx-serve-files/templates/nginx.conf.j2
+++ b/roles/nginx-serve-files/templates/nginx.conf.j2
@@ -5,6 +5,8 @@ server
  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}

  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
  charset utf-8;
  
  location /
--- a/roles/nginx-serve-html/templates/nginx.conf.j2
+++ b/roles/nginx-serve-html/templates/nginx.conf.j2
@@ -5,6 +5,8 @@ server
  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}

  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
  charset utf-8;
  
  location /