diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-13 10:33:58 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-13 10:33:58 +0100 |
commit | b1ee51f25577e4c407f525c740692d57b928b30b (patch) | |
tree | 18f89f1b74093d48725c6a83ab3469a8795325de /core/js/setupchecks.js | |
parent | 5565b19382d08df427fbdcf806c2a408a11f7207 (diff) | |
parent | 4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6 (diff) | |
download | nextcloud-server-b1ee51f25577e4c407f525c740692d57b928b30b.tar.gz nextcloud-server-b1ee51f25577e4c407f525c740692d57b928b30b.zip |
Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Diffstat (limited to 'core/js/setupchecks.js')
-rw-r--r-- | core/js/setupchecks.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 2f0cc4c7b34..2fa119334db 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -208,7 +208,9 @@ 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'X-Robots-Tag': 'none', - 'X-Frame-Options': 'SAMEORIGIN' + 'X-Frame-Options': 'SAMEORIGIN', + 'X-Download-Options': 'noopen', + 'X-Permitted-Cross-Domain-Policies': 'none', }; for (var header in securityHeaders) { |