From a6521034f3b96e5b575598f15eef31acce216a0a Mon Sep 17 00:00:00 2001
From: iwitz
Date: Wed, 3 Apr 2019 11:34:46 +0200
Subject: [PATCH] fix: allow x-frames in apache configs
---
 INSTALL/apache.24.misp.ssl | 2 +-
 INSTALL/apache.misp.centos7 | 2 +-
 INSTALL/apache.misp.centos7.ssl | 2 +-
 INSTALL/apache.misp.ubuntu | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/INSTALL/apache.24.misp.ssl b/INSTALL/apache.24.misp.ssl
index 859628b3a..b63e4b6b0 100644
--- a/INSTALL/apache.24.misp.ssl
+++ b/INSTALL/apache.24.misp.ssl
@@ -23,7 +23,7 @@
 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
 Header always set X-Content-Type-Options nosniff
- Header always set X-Frame-Options DENY
+ Header always set X-Frame-Options SAMEORIGIN
 Header always unset "X-Powered-By"
 # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
diff --git a/INSTALL/apache.misp.centos7 b/INSTALL/apache.misp.centos7
index 7f119430f..6c6929414 100644
--- a/INSTALL/apache.misp.centos7
+++ b/INSTALL/apache.misp.centos7
@@ -24,7 +24,7 @@
 ServerSignature Off
 Header always set X-Content-Type-Options nosniff
- Header always set X-Frame-Options DENY
+ Header always set X-Frame-Options SAMEORIGIN
 Header always unset "X-Powered-By"
 # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
diff --git a/INSTALL/apache.misp.centos7.ssl b/INSTALL/apache.misp.centos7.ssl
index 01a4ff66c..e0e8ce4e7 100644
--- a/INSTALL/apache.misp.centos7.ssl
+++ b/INSTALL/apache.misp.centos7.ssl
@@ -47,7 +47,7 @@
 Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
 Header always set X-Content-Type-Options nosniff
- Header always set X-Frame-Options DENY
+ Header always set X-Frame-Options SAMEORIGIN
 Header always unset "X-Powered-By"
 # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy
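Review bot: The relaxed `Header always set X-Frame-Options SAMEORIGIN` line in INSTALL/apache.24.misp.ssl has no comment saying why same-origin framing is needed, and the identical change in apache.misp.centos7, apache.misp.centos7.ssl and apache.misp.ubuntu has the same gap. These are install templates that operators copy, so the weaker clickjacking setting should be explained in place, for example with `# SAMEORIGIN: the application may frame its own pages; cross-origin framing stays blocked` above the header. The TODO a few lines down already names Content-Security-Policy, and the standards-track form of this rule could be added next to it as `Header always set Content-Security-Policy "frame-ancestors 'self'"`. The commit message does not say which feature needs framing, so whether DENY could be kept for most routes cannot be judged from the hunk.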
diff --git a/INSTALL/apache.misp.ubuntu b/INSTALL/apache.misp.ubuntu
index d46cc8d2c..6581951ea 100644
--- a/INSTALL/apache.misp.ubuntu
+++ b/INSTALL/apache.misp.ubuntu
@@ -16,7 +16,7 @@
 ServerSignature Off
 Header always set X-Content-Type-Options nosniff
- Header always set X-Frame-Options DENY
+ Header always set X-Frame-Options SAMEORIGIN
 Header always unset "X-Powered-By"
 # TODO: Think about X-XSS-Protection, Content-Security-Policy, Referrer-Policy & Feature-Policy