How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?

opalizoid · August 13, 2016, 1:36pm

I found security problem with my installation of Discourse.
How can I add http header X-Frame-Option DENY to my app.yml file?

The hosting is DigitalOcean.

I’m scanned forums by Nikto2 and Vega - Penetration Testing Toolkit.

elijah · August 14, 2016, 4:10am

opalizoid · August 14, 2016, 7:55pm

Thank you for link with method to solve problem.

opalizoid · August 16, 2016, 10:43am

Problem is still with /assets/ directory.

Topic		Replies	Views
Add a custom HTTP header to requests made to your Discourse sysadmin how-to , tips-and-tricks	5	4464	September 12, 2016
Add to route headers? support	15	1437	May 24, 2022
Embedded comments not displayed due to X-Frame-Options DENY support	11	3136	July 18, 2016
Optional Mobile Title Header theme-component official	18	2670	April 12, 2019
Running Discourse in an iframe support	10	2053	April 24, 2019