diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2016-01-11 21:20:42 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2016-01-12 10:37:16 +0100 |
| commit | 4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6 (patch) | |
| tree | 425251b10adc5a1d8791ce658f10a0058bf16a4d /core/js/setupchecks.js | |
| parent | 3317dd0a8e2ca265172d53a16f9241f3351aa3b8 (diff) | |
| download | nextcloud-server-4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6.tar.gz nextcloud-server-4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6.zip | |
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
Diffstat (limited to 'core/js/setupchecks.js')
| -rw-r--r-- | core/js/setupchecks.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index b1b8dd358d2..f6485c4218c 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -202,7 +202,9 @@ 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'X-Robots-Tag': 'none', - 'X-Frame-Options': 'SAMEORIGIN' + 'X-Frame-Options': 'SAMEORIGIN', + 'X-Download-Options': 'noopen', + 'X-Permitted-Cross-Domain-Policies': 'none', }; for (var header in securityHeaders) { |