Set X-Frame-Options header for Nextcloud

2020-09-05 03:50:46 -04:00 · 2020-09-05 03:50:46 -04:00 · 8a9dea2ec8
commit 8a9dea2ec8
parent 0fcd79040e
2 changed files with 4 additions and 1 deletions
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -33,7 +33,7 @@
      traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
      traefik.http.routers.nextcloud.entrypoints: websecure
      traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
-      traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
+      traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud@file,nextcloud-webdav"
      traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
      traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
      traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true"
--- a/roles/traefik/templates/security.yml.j2
+++ b/roles/traefik/templates/security.yml.j2
@ -5,6 +5,9 @@ tls:

 http:
  middlewares:
+    nextcloud:
+      headers:
+        customFrameOptionsValue: SAMEORIGIN
    securehttps:
      headers:
        frameDeny: true