How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?

opalizoid · 13 أغسطس 2016، 1:36م

I found security problem with my installation of Discourse.
How can I add http header X-Frame-Option DENY to my app.yml file?

The hosting is DigitalOcean.

I’m scanned forums by Nikto2 and Vega - Penetration Testing Toolkit.

elijah · 14 أغسطس 2016، 4:10ص

opalizoid · 14 أغسطس 2016، 7:55م

Thank you for link with method to solve problem.

opalizoid · 16 أغسطس 2016، 10:43ص

Problem is still with /assets/ directory.

الموضوع		الردود	مرات العرض
Add a custom HTTP header to requests made to your Discourse Sysadmins how-to	5	4726	12 سبتمبر 2016
Embedded comments not displayed due to X-Frame-Options DENY Support	12	3270	8 يونيو 2024
Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin' Support	7	45703	8 يونيو 2024
Discourse headless? Installation	6	1733	7 فبراير 2020
And invalid response header is being set from embed controller Support	4	699	27 مارس 2021