How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?


I found a security problem with my installation of Discourse.
How can I add the HTTP header X-Frame-Options DENY to my app.yml file?

The hosting is DigitalOcean.

I scanned the forums with Nikto2 and Vega - Penetration Testing Toolkit.

(Eli the Bearded) #2


Thank you for the link with the method to solve the problem.


The problem is still with the /assets/ directory.