From 0217644b48d23b499e6590829e67348386cb9614 Mon Sep 17 00:00:00 2001
From: sakkiii <11132948+sakkiii@users.noreply.github.com>
Date: Fri, 18 Jun 2021 23:27:23 +0530
Subject: [PATCH] Content-Security-Policy For Element Web https://github.com/vector-im/element-web#configuration-best-practices
---
 .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
index ee23cdfe3..17e8f131e 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
@@ -12,6 +12,7 @@
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
 add_header X-Frame-Options SAMEORIGIN;
+ add_header Content-Security-Policy "frame-ancestors 'none'";
 {% if matrix_nginx_proxy_floc_optout_enabled %}
 add_header Permissions-Policy interest-cohort=() always;