Set frame-ancestors in Content-Security-Policy

https://infosec.mozilla.org/guidelines/web_security#x-frame-options
2025-10-30 20:47:43 +09:00 · 2020-10-29 10:13:55 -05:00
parent 50371fea4f
commit 01dd12f567
1 changed files with 1 additions and 1 deletions
--- a/root/defaults/ssl.conf
+++ b/root/defaults/ssl.conf
@@ -40,7 +40,7 @@ ssl_early_data on;

 # Optional additional headers
 #add_header Cache-Control "no-transform" always;
-#add_header Content-Security-Policy "upgrade-insecure-requests";
+#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
 #add_header Referrer-Policy "same-origin" always;
 #add_header X-Content-Type-Options "nosniff" always;
 #add_header X-Frame-Options "SAMEORIGIN" always;