summaryrefslogtreecommitdiffstats
path: root/core/js/setupchecks.js
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2016-01-13 10:33:58 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2016-01-13 10:33:58 +0100
commitb1ee51f25577e4c407f525c740692d57b928b30b (patch)
tree18f89f1b74093d48725c6a83ab3469a8795325de /core/js/setupchecks.js
parent5565b19382d08df427fbdcf806c2a408a11f7207 (diff)
parent4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6 (diff)
downloadnextcloud-server-b1ee51f25577e4c407f525c740692d57b928b30b.tar.gz
nextcloud-server-b1ee51f25577e4c407f525c740692d57b928b30b.zip
Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Diffstat (limited to 'core/js/setupchecks.js')
-rw-r--r--core/js/setupchecks.js4
1 files changed, 3 insertions, 1 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 2f0cc4c7b34..2fa119334db 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -208,7 +208,9 @@
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'X-Robots-Tag': 'none',
- 'X-Frame-Options': 'SAMEORIGIN'
+ 'X-Frame-Options': 'SAMEORIGIN',
+ 'X-Download-Options': 'noopen',
+ 'X-Permitted-Cross-Domain-Policies': 'none',
};
for (var header in securityHeaders) {