MAGETWO-43510: x-frame-options missing from setup

eddielau · eddielau · commit 20bd0b99b09a · 2015-10-22T15:58:51.000-05:00
- add missing header to static file request urls
diff --git a/nginx.conf.sample b/nginx.conf.sample
@@ -34,6 +34,7 @@ location /setup {
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
         include        fastcgi_params;
+        add_header X-Frame-Options "SAMEORIGIN"
     }
 
     location ~ ^/setup/(?!pub/). {
@@ -50,12 +51,14 @@ location /update {
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
         include        fastcgi_params;
+        add_header X-Frame-Options "SAMEORIGIN"
     }
 
     # deny everything but index.php
     location ~ ^/update/(?!pub/). {
         deny all;
     }
+    add_header X-Frame-Options "SAMEORIGIN"
 }
 
 location / {
@@ -76,6 +79,7 @@ location /static/ {
     }
     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
         add_header Cache-Control "public";
+        add_header X-Frame-Options "SAMEORIGIN"
         expires +1y;
 
         if (!-f $request_filename) {
@@ -84,6 +88,7 @@ location /static/ {
     }
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
         add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN"
         expires    off;
 
         if (!-f $request_filename) {
@@ -105,11 +110,13 @@ location /media/ {
 
     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
         add_header Cache-Control "public";
+        add_header X-Frame-Options "SAMEORIGIN"
         expires +1y;
         try_files $uri $uri/ /get.php?$args;
     }
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
         add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN"
         expires    off;
         try_files $uri $uri/ /get.php?$args;
     }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ location /setup {`
`34`	`34`	`fastcgi_index index.php;`
`35`	`35`	`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
`36`	`36`	`include fastcgi_params;`
	`37`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`location ~ ^/setup/(?!pub/). {`
`@@ -50,12 +51,14 @@ location /update {`
`50`	`51`	`fastcgi_index index.php;`
`51`	`52`	`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
`52`	`53`	`include fastcgi_params;`
	`54`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`53`	`55`	`}`
`54`	`56`
`55`	`57`	`# deny everything but index.php`
`56`	`58`	`location ~ ^/update/(?!pub/). {`
`57`	`59`	`deny all;`
`58`	`60`	`}`
	`61`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`59`	`62`	`}`
`60`	`63`
`61`	`64`	`location / {`
`@@ -76,6 +79,7 @@ location /static/ {`
`76`	`79`	`}`
`77`	`80`	`location ~* \.(ico\|jpg\|jpeg\|png\|gif\|svg\|js\|css\|swf\|eot\|ttf\|otf\|woff\|woff2)$ {`
`78`	`81`	`add_header Cache-Control "public";`
	`82`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`79`	`83`	`expires +1y;`
`80`	`84`
`81`	`85`	`if (!-f $request_filename) {`
`@@ -84,6 +88,7 @@ location /static/ {`
`84`	`88`	`}`
`85`	`89`	`location ~* \.(zip\|gz\|gzip\|bz2\|csv\|xml)$ {`
`86`	`90`	`add_header Cache-Control "no-store";`
	`91`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`87`	`92`	`expires off;`
`88`	`93`
`89`	`94`	`if (!-f $request_filename) {`
`@@ -105,11 +110,13 @@ location /media/ {`
`105`	`110`
`106`	`111`	`location ~* \.(ico\|jpg\|jpeg\|png\|gif\|svg\|js\|css\|swf\|eot\|ttf\|otf\|woff\|woff2)$ {`
`107`	`112`	`add_header Cache-Control "public";`
	`113`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`108`	`114`	`expires +1y;`
`109`	`115`	`try_files $uri $uri/ /get.php?$args;`
`110`	`116`	`}`
`111`	`117`	`location ~* \.(zip\|gz\|gzip\|bz2\|csv\|xml)$ {`
`112`	`118`	`add_header Cache-Control "no-store";`
	`119`	`+ add_header X-Frame-Options "SAMEORIGIN"`
`113`	`120`	`expires off;`
`114`	`121`	`try_files $uri $uri/ /get.php?$args;`
`115`	`122`	`}`