Setting X-Frame-Options to deny.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 07:22:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 07:22:10 +0000
commit: 3a06cde6ee4abea3bf30753f4c6746a1e12a9053 (patch)
tree: 8ea183be220ee615280bd4dee86b390044bebefe /debian
parent: Setting Cache-Control headers to "max-age=0, no-cache, no-store, no-transform... (diff)
download: apache2-3a06cde6ee4abea3bf30753f4c6746a1e12a9053.tar.xz
apache2-3a06cde6ee4abea3bf30753f4c6746a1e12a9053.zip
2 files changed, 6 insertions, 1 deletions
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index 1a6b739..cd6401d 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -56,7 +56,7 @@ enable_default_conf()
 	if is_fresh_install $@ ; then
 		for conf in charset localized-error-pages other-vhosts-access-log \
 				security serve-cgi-bin \
-				csp hsts modern-cookies modern-ssl no-cache ; do
+				csp hsts modern-cookies modern-ssl no-cache no-frames ; do
 			a2enconf -m -q $conf
 		done
 	fi
diff --git a/debian/config-dir/conf-available/no-frames.conf b/debian/config-dir/conf-available/no-frames.conf
new file mode 100644
index 0000000..93b0428
--- /dev/null
+++ b/debian/config-dir/conf-available/no-frames.conf
@@ -0,0 +1,5 @@
+# /etc/apache2/conf-available/no-frames.conf
+
+<IfModule mod_headers.c>
+	Header always set X-Frame-Options "deny"
+</IfModule>
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 07:22:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 07:22:10 +0000
commit	3a06cde6ee4abea3bf30753f4c6746a1e12a9053 (patch)
tree	8ea183be220ee615280bd4dee86b390044bebefe /debian
parent	Setting Cache-Control headers to "max-age=0, no-cache, no-store, no-transform... (diff)
download	apache2-3a06cde6ee4abea3bf30753f4c6746a1e12a9053.tar.xz apache2-3a06cde6ee4abea3bf30753f4c6746a1e12a9053.zip