diff --git a/servers/puppet/files/nginx/humbug-include/app b/servers/puppet/files/nginx/humbug-include/app index 92324cdd88..a88757cf54 100644 --- a/servers/puppet/files/nginx/humbug-include/app +++ b/servers/puppet/files/nginx/humbug-include/app @@ -4,9 +4,6 @@ error_log /var/log/nginx/humbug.error.log; # Enable HSTS: tell browsers to always use HTTPS add_header Strict-Transport-Security max-age=15768000; -# Avoid clickjacking attacks -add_header X-Frame-Options DENY; - # Serve a custom error page when the app is down error_page 502 503 504 /static/public/html/5xx.html; diff --git a/servers/puppet/files/nginx/sites-available/humbug b/servers/puppet/files/nginx/sites-available/humbug index 47a0205fdd..30cffb201b 100644 --- a/servers/puppet/files/nginx/sites-available/humbug +++ b/servers/puppet/files/nginx/sites-available/humbug @@ -26,5 +26,8 @@ server { server_name humbughq.com zephyr.humbughq.com; + # Avoid clickjacking attacks + add_header X-Frame-Options DENY; + include /etc/nginx/humbug-include/app; } diff --git a/servers/puppet/files/nginx/sites-available/humbug-staging b/servers/puppet/files/nginx/sites-available/humbug-staging index 7ca0472424..e246e0bddc 100644 --- a/servers/puppet/files/nginx/sites-available/humbug-staging +++ b/servers/puppet/files/nginx/sites-available/humbug-staging @@ -13,5 +13,8 @@ server { server_name staging.humbughq.com; + # Avoid clickjacking attacks + add_header X-Frame-Options DENY; + include /etc/nginx/humbug-include/app; }