From 8a9dea2ec8fe376ad3e5a8730f7b791ce4e82f9f Mon Sep 17 00:00:00 2001 From: Kris Lamoureux Date: Sat, 5 Sep 2020 03:50:46 -0400 Subject: [PATCH] Set X-Frame-Options header for Nextcloud --- roles/nextcloud/tasks/main.yml | 2 +- roles/traefik/templates/security.yml.j2 | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ea344e2..1fda195 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -33,7 +33,7 @@ traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)" traefik.http.routers.nextcloud.entrypoints: websecure traefik.http.routers.nextcloud.tls.certresolver: letsencrypt - traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav" + traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud@file,nextcloud-webdav" traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav" traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/" traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true" diff --git a/roles/traefik/templates/security.yml.j2 b/roles/traefik/templates/security.yml.j2 index 4aaa9af..e2c728c 100644 --- a/roles/traefik/templates/security.yml.j2 +++ b/roles/traefik/templates/security.yml.j2 @@ -5,6 +5,9 @@ tls: http: middlewares: + nextcloud: + headers: + customFrameOptionsValue: SAMEORIGIN securehttps: headers: frameDeny: true