🔧(front) configure x-frame-options to DENY in nginx conf (#1084)

lunika · web-flow · commit c7261cf507f7 · 2025-06-19T15:36:57.000+02:00
The API has the response header x-frame-options configure to DENY and
nothing is configure in the nginx configuring managing the frontend
application. We want to have the same value. The header is added on all
locations.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to
 - ✨(frontend) add customization for translations #857
 - 📝(project) add troubleshoot doc #1066
 - 📝(project) add system-requirement doc #1066
+- 🔧(front) configure x-frame-options to DENY in nginx conf #1084
 
 ### Changed
 
diff --git a/src/frontend/apps/impress/conf/default.conf b/src/frontend/apps/impress/conf/default.conf
@@ -7,10 +7,14 @@ server {
 
   location / {
       try_files $uri index.html $uri/ =404;
+
+      add_header X-Frame-Options DENY always;
   }
 
   location ~ "^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$" {
       try_files $uri /docs/[id]/index.html;
+
+      add_header X-Frame-Options DENY always;
   }
 
   error_page 404 /404.html;

Original file line number	Diff line number	Diff line change
`@@ -7,10 +7,14 @@ server {`
`7`	`7`
`8`	`8`	`location / {`
`9`	`9`	`try_files $uri index.html $uri/ =404;`
	`10`	`+`
	`11`	`+ add_header X-Frame-Options DENY always;`
`10`	`12`	`}`
`11`	`13`
`12`	`14`	`location ~ "^/docs/[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/?$" {`
`13`	`15`	`try_files $uri /docs/[id]/index.html;`
	`16`	`+`
	`17`	`+ add_header X-Frame-Options DENY always;`
`14`	`18`	`}`
`15`	`19`
`16`	`20`	`error_page 404 /404.html;`