Merge pull request #25 from kool-dev/nginx_remove_frame

Remove Frame Block from NGINX Config

Author: fabriciojs

7.1-nginx-prod/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.1-nginx/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.2-nginx-prod/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.2-nginx/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.3-nginx-prod/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.3-nginx/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.4-nginx-prod/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

7.4-nginx/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

8.0-nginx-prod/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)

8.0-nginx/default.tmpl

@@ -31,11 +31,13 @@ server {
         deny all;
     }
 
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
     # basic H5BP suggestions
     include h5bp/internet_explorer/x-ua-compatible.conf;
     include h5bp/security/referrer-policy.conf;
     include h5bp/security/x-content-type-options.conf;
-    include h5bp/security/x-frame-options.conf;
     include h5bp/security/x-xss-protection.conf;
 
     # performance enhancements (mostly for caching static data)