prevent click-jacking

author: Chris Meyers <chris.meyers.fsu@gmail.com> 2017-01-03 16:46:42 +0100
committer: Chris Meyers <chris.meyers.fsu@gmail.com> 2017-01-03 16:46:42 +0100
commit: f794b1eb1f31cabf2069fe211417f2aeb829ef01 (patch)
tree: 36280a8a0492787e1477f0ce5ae2cd139402fb09 /config
parent: Merge pull request #4553 from mabashian/3829-lookup-sort-column (diff)
download: awx-f794b1eb1f31cabf2069fe211417f2aeb829ef01.tar.xz
awx-f794b1eb1f31cabf2069fe211417f2aeb829ef01.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/config/awx-nginx.conf b/config/awx-nginx.conf
index 759fc7eb5b..a87df125a9 100644
--- a/config/awx-nginx.conf
+++ b/config/awx-nginx.conf
@@ -76,6 +76,9 @@ http {
         # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
         add_header Strict-Transport-Security max-age=15768000;
 
+        # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
+        add_header X-Frame-Options "DENY";
+
         location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
         location /static { alias /var/lib/awx/public/static; }
author	Chris Meyers <chris.meyers.fsu@gmail.com>	2017-01-03 16:46:42 +0100
committer	Chris Meyers <chris.meyers.fsu@gmail.com>	2017-01-03 16:46:42 +0100
commit	f794b1eb1f31cabf2069fe211417f2aeb829ef01 (patch)
tree	36280a8a0492787e1477f0ce5ae2cd139402fb09 /config
parent	Merge pull request #4553 from mabashian/3829-lookup-sort-column (diff)
download	awx-f794b1eb1f31cabf2069fe211417f2aeb829ef01.tar.xz awx-f794b1eb1f31cabf2069fe211417f2aeb829ef01.zip