From dd8e7d67aa261152ed44eb184e76ac60e0ef81c6 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Tue, 15 Sep 2020 23:06:33 -0400
Subject: [PATCH] Add X-Frame-Options header to securehttps
---
 roles/nextcloud/tasks/main.yml | 2 +-
 roles/traefik/templates/security.yml.j2 | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 1fda195..ea344e2 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -33,7 +33,7 @@
 traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
 traefik.http.routers.nextcloud.entrypoints: websecure
 traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
- traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud@file,nextcloud-webdav"
+ traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
 traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
 traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
 traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true"
diff --git a/roles/traefik/templates/security.yml.j2 b/roles/traefik/templates/security.yml.j2
index e2c728c..5f6e983 100644
--- a/roles/traefik/templates/security.yml.j2
+++ b/roles/traefik/templates/security.yml.j2
@@ -5,9 +5,6 @@ tls:
 http:
 middlewares:
- nextcloud:
- headers:
- customFrameOptionsValue: SAMEORIGIN
 securehttps:
 headers:
 frameDeny: true
@@ -16,3 +13,4 @@ http:
 contentTypeNosniff: true
 stsPreload: {{ traefik_hsts_preload }}
 stsSeconds: {{ traefik_hsts_seconds }}
+ customFrameOptionsValue: SAMEORIGIN
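Review bot: `customFrameOptionsValue: SAMEORIGIN` is added to the `securehttps` headers block that already sets `frameDeny: true` (visible in the previous hunk's context); Traefik's headers middleware documents the custom value as overriding `frameDeny`, so the response header becomes `X-Frame-Options: SAMEORIGIN` rather than `DENY`. Because `securehttps@file` reads as the shared baseline middleware, that relaxation would apply to every router that references it, not only the Nextcloud router edited in the first hunk, so it is worth confirming which other routers use it. If only Nextcloud needs same-origin framing, keeping the override in the dedicated `nextcloud` middleware preserves `DENY` elsewhere; if the wider change is intended, remove the now-ineffective `frameDeny: true` and add a comment such as `# SAMEORIGIN overrides frameDeny for every router using securehttps`. The `headers` mapping begins above this hunk, so keys outside the shown context are not reviewed here.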