How can I add an anti-clickjacking X-Frame-Options header to my installation of Discourse?


#1

I found a security problem with my installation of Discourse.
How can I add the HTTP header X-Frame-Options DENY to my app.yml file?

The hosting is DigitalOcean.

I scanned the forums with Nikto2 and Vega - Penetration Testing Toolkit.


(Eli the Bearded) #2

#3

Thank you for the link with a method to solve the problem.


#4

The problem is still with the /assets/ directory.