From 7642b007d4bfc83081a4023a6ce7edf6d5ca5a0b Mon Sep 17 00:00:00 2001
From: Epitacio Neto
Date: Wed, 11 Dec 2024 16:56:58 +1100
Subject: [PATCH 1/3] Clickjacking (X-Frame-Options Header) security patch fix on file doubtfire-web-webnginx.conf

---
 nginx.conf | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 3d38fa6fd..6e863a224 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -11,14 +11,16 @@ http {
 index index.html;
 listen 80;
- add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:" always;
- # add_header Feature-Policy "microphone=(self),speaker=(self),fullscreen=(self),payment=(none);" always;
- add_header Permissions-Policy "microphone=(self),speaker=(self),fullscreen=(self),payment=(none)" always;
+ add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always;
+ add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always;
+ add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always;
+
+ # Added X-Frame-Options header (security patch fix for clickjacking)
+ add_header X-Frame-Options "DENY" always;
 }
 gzip on;
 gzip_types text/css application/javascript;
 gzip_proxied any;
 gzip_buffers 32 8k;
-
 }

From 2c131da81fe86bb815e05bc1c2c2bf4547341883 Mon Sep 17 00:00:00 2001
From: epineto <96008456+epineto@users.noreply.github.com>
Date: Fri, 13 Dec 2024 20:40:39 +1100
Subject: [PATCH 2/3] Update nginx.conf - Adding Port 4200 (Default)

---
 nginx.conf | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 6e863a224..0ffb1466d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,11 +1,13 @@
 worker_processes 1;
-events { }
+events { }
 http {
 include /etc/nginx/mime.types;
 sendfile on;
+
+ # Server block for port 80
 server {
 root /usr/share/nginx/html/;
 index index.html;
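Review bot: The rewritten Content-Security-Policy line drops `ws:` from `default-src` without the commit message saying so; the policy has no `connect-src`, so WebSocket connections fall back to `default-src` and will be blocked if the frontend opens any — confirm that is intended. Since the CSP is being touched anyway, the clickjacking fix is more robust if both mechanisms agree, i.e. `add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'none'" always;` alongside the new `X-Frame-Options "DENY"`, which modern browsers treat as the legacy fallback. The re-enabled Feature-Policy header is deprecated in favour of Permissions-Policy and its allowlist grammar quotes keywords (`'none'`), so `payment none;` may not parse as intended; dropping that line removes the inconsistency rather than maintaining two policies. Note also that nginx `add_header` is not inherited by any `location` block that sets its own `add_header`; no such block is visible in this hunk, but if one exists these server-level headers would not apply there.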
@@ -15,7 +17,21 @@ http {
 add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always;
 add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always;
- # Added X-Frame-Options header (security patch fix for clickjacking)
+ # X-Frame-Options header for clickjacking protection
+ add_header X-Frame-Options "DENY" always;
+ }
+
+ # Server block for port 4200
+ server {
+ root /usr/share/nginx/html/;
+ index index.html;
+ listen 4200;
+
+ add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always;
+ add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always;
+ add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always;
+
+ # X-Frame-Options header for clickjacking protection
 add_header X-Frame-Options "DENY" always;
 }

From 2ccc6550f047cc41925dcbbc47878a45375ffb53 Mon Sep 17 00:00:00 2001
From: epineto <96008456+epineto@users.noreply.github.com>
Date: Fri, 13 Dec 2024 20:42:41 +1100
Subject: [PATCH 3/3] Update nginx.conf - Adding Port 443

---
 nginx.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index 0ffb1466d..c664a819e 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -35,6 +35,20 @@ http {
 add_header X-Frame-Options "DENY" always;
 }
+ # Server block for port 443
+ server {
+ root /usr/share/nginx/html/;
+ index index.html;
+ listen 443;
+
+ add_header Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:" always;
+ add_header Feature-Policy "microphone 'self';speaker 'self';fullscreen 'self';payment none;" always;
+ add_header Permissions-Policy "microphone=(self), fullscreen=(self), payment=()" always;
+
+ # X-Frame-Options header for clickjacking protection
+ add_header X-Frame-Options "DENY" always;
+ }
+
 gzip on;
 gzip_types text/css application/javascript;
 gzip_proxied any;
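Review bot: The new port-4200 `server` block repeats every line of the port-80 block except `listen`, so the four security headers now have to be kept in sync by hand and will drift the next time one of them is tightened. nginx accepts several `listen` directives in one server block, so adding `listen 4200;` next to the existing `listen 80;` gives the same result without the copy; if a separate block is genuinely wanted, the shared `add_header` lines belong in a snippet pulled in with `include` from both blocks. The port-80 block whose closing brace is on the new side here opens outside this hunk.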
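Review bot: `listen 443;` without the `ssl` parameter makes this block answer with cleartext HTTP on the HTTPS port, so a client connecting with https:// fails its TLS handshake and nothing in the block actually provides transport security. If nginx is meant to terminate TLS here it needs `listen 443 ssl;` plus `ssl_certificate` and `ssl_certificate_key` directives (and a `ssl_protocols TLSv1.2 TLSv1.3;` line); if TLS is terminated by something in front of this container, which the hunk does not show either way, the block should be dropped rather than left as a plain-HTTP listener on 443. The block is also a third verbatim copy of the header set, which makes the drift problem from the previous patch worse; the enclosing `http` block opens outside this hunk.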