diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml index 453be5825d..39812a002e 100644 --- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml +++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml @@ -107,6 +107,7 @@ services: - PROXY_HTTPS_PROTOCOLS=${HTTPS_PROTOCOLS:-} - PROXY_HTTPS_CIPHERS=${HTTPS_CIPHERS:-} - PROXY_HTTPS_HSTS=${HTTPS_HSTS:-} + - XFRAME_SAMEORIGIN=${XFRAME_SAMEORIGIN:-} - ALLOWED_ACCESS_TO_DASHBOARD=${ALLOWED_ACCESS_TO_DASHBOARD:-} - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-} - PROXY_MODE=CE diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf index 6927a8591e..f1b0ab9626 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf @@ -1,5 +1,3 @@ -{xframe_options} - {app_upstream} upstream openviduserver { @@ -36,6 +34,8 @@ server { {ssl_config} {proxy_config} + + {xframe_options} {app_config} diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf index ea6f4884b8..6f1f437d0b 100644 --- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf +++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf @@ -1,8 +1,3 @@ -{xframe_options} - -add_header X-Content-Type-Options nosniff; -add_header X-XSS-Protection "1; mode=block"; - {app_upstream} upstream kibana { @@ -62,6 +57,11 @@ server { {proxy_config} {app_config} + + {xframe_options} + + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; ######################## # OpenVidu Locations #