Skip to content

Commit

Permalink
Covering a few extra cases for preventing clickjacking attacks. (#2309)
Browse files Browse the repository at this point in the history
  • Loading branch information
@AidanHilt
AidanHilt authored Aug 7, 2023
1 parent c4d01f0 commit 92f8f3e
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 0 deletions.
4 changes: 4 additions & 0 deletions kube/services/revproxy/gen3.nginx.conf/gen3ff-as-root/frontend-framework-service.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
if ($csrf_check !~ ^ok-\S.+$) {
return 403 "failed csrf check";
}

# added to avoid click-jacking attacks
add_header X-Frame-Options "SAMEORIGIN";

set $proxy_service "frontend-framework";
set $upstream http://frontend-framework-service.$namespace.svc.cluster.local;
proxy_pass $upstream;
Expand Down
3 changes: 3 additions & 0 deletions kube/services/revproxy/gen3.nginx.conf/gen3ff-as-root/portal-service.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,8 @@
rewrite ^/(.*)$ /dashboard/Public/maintenance-page/index.html redirect;
}

# added to avoid click-jacking attacks
add_header X-Frame-Options "SAMEORIGIN";

proxy_pass $upstream;
}
4 changes: 4 additions & 0 deletions kube/services/revproxy/gen3.nginx.conf/portal-as-root/frontend-framework-service.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@
if ($csrf_check !~ ^ok-\S.+$) {
return 403 "failed csrf check";
}

# added to avoid click-jacking attacks
add_header X-Frame-Options "SAMEORIGIN";

set $proxy_service "frontend-framework";
# frontend framework service expects the /ff/ prefix, so no path rewrite
set $upstream http://frontend-framework-service.$namespace.svc.cluster.local;
Expand Down

0 comments on commit 92f8f3e

Please sign in to comment.