How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?

opalizoid · August 13, 2016, 1:36pm

I found security problem with my installation of Discourse.
How can I add http header X-Frame-Option DENY to my app.yml file?

The hosting is DigitalOcean.

I’m scanned forums by Nikto2 and Vega - Penetration Testing Toolkit.

elijah · August 14, 2016, 4:10am

opalizoid · August 14, 2016, 7:55pm

Thank you for link with method to solve problem.

opalizoid · August 16, 2016, 10:43am

Problem is still with /assets/ directory.

Topic		Replies	Views
Add a custom HTTP header to requests made to your Discourse Sysadmins how-to	5	4671	September 12, 2016
Add to route headers? Support	15	1556	May 24, 2022
Embedded comments not displayed due to X-Frame-Options DENY Support	12	3247	June 8, 2024
Running Discourse in an iframe Support	10	2169	April 24, 2019
Discourse integration for Microsoft Teams? Feature	17	4252	December 6, 2019