Selective route permission to use embeds, fixes #322 in a better way (#364)

author Rigel Kent <par@rigelk.eu>

Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)

committer Chocobozzz <me@florianbigard.com>

Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)
author Rigel Kent <par@rigelk.eu>
Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)
committer Chocobozzz <me@florianbigard.com>
Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)
diff --git a/support/nginx/peertube b/support/nginx/peertube

index e94eac5e84e220c01897e0219dcfbfe342e52bb6..bde0b18e88af732115fded519e51efd34a8cb5bd 100644 (file)
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -38,6 +38,7 @@ server {
    # resolver_timeout 5s;
  
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+  add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
@@ -103,6 +104,11 @@ server {
      alias /var/www/peertube/storage/videos;
    }
  
+  # Allow embeds
+  location /videos/embed {
+    proxy_hide_header X-Frame-Options;
+  }
+
    # Websocket tracker
    location /tracker/socket {
      # Peers send a message to the tracker every 15 minutes
author	Rigel Kent <par@rigelk.eu>
	Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)
committer	Chocobozzz <me@florianbigard.com>
	Tue, 20 Mar 2018 16:28:41 +0000 (17:28 +0100)