04/08: hydra: bayfront: Limit embedding of hpc.guix.info in frames.

[Ludovic Courtès]

civodul pushed a commit to branch master
in repository maintenance.

commit 644dc8fe8c610aa471a8e7c2a641576e85420300
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Jun 6 11:22:40 2022 +0200

    hydra: bayfront: Limit embedding of hpc.guix.info in frames.
    
    * hydra/bayfront.scm (%hpc.guix.info-nginx-servers): Add
    'X-Frame-Options' header.
---
 hydra/bayfront.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index dc8b81b..44fe233 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -318,7 +318,10 @@ proxy_cache_path /var/cache/nginx/bordeaux/nar
       (listen '("80" "[::]:80"))
       (raw-content
        '("
-access_log   /var/log/nginx/guix-hpc.access.log;"))
+access_log   /var/log/nginx/guix-hpc.access.log;
+
+# Limit embedding in HTML frames.
+add_header X-Frame-Options SAMEORIGIN;"))
       (locations
        (append
         common-locations
@@ -350,6 +353,9 @@ ssl_dhparam         /etc/dhparams.pem;
 # Tell clients to keep using HTTPS.
 add_header Strict-Transport-Security max-age=15552000;
 
+# Limit embedding in HTML frames.
+add_header X-Frame-Options SAMEORIGIN;
+
 access_log  /var/log/nginx/guix-hpc.access.log;"))
       (locations common-locations)))))