aboutsummaryrefslogtreecommitdiffhomepage
path: root/support/nginx
diff options
context:
space:
mode:
authorRigel Kent <par@rigelk.eu>2018-03-20 17:28:41 +0100
committerChocobozzz <me@florianbigard.com>2018-03-20 17:28:41 +0100
commitd40cd86bf56973d7217ad44737e3890b6e7f1ad5 (patch)
tree8403cf1af9f909b1e7bb75d28fe40b9db6b6afaf /support/nginx
parent040d4551788209507e1b1a39b427d39929bc63a3 (diff)
downloadPeerTube-d40cd86bf56973d7217ad44737e3890b6e7f1ad5.tar.gz
PeerTube-d40cd86bf56973d7217ad44737e3890b6e7f1ad5.tar.zst
PeerTube-d40cd86bf56973d7217ad44737e3890b6e7f1ad5.zip
Selective route permission to use embeds, fixes #322 in a better way (#364)
Diffstat (limited to 'support/nginx')
-rw-r--r--support/nginx/peertube6
1 files changed, 6 insertions, 0 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube
index e94eac5e8..bde0b18e8 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -38,6 +38,7 @@ server {
38 # resolver_timeout 5s; 38 # resolver_timeout 5s;
39 39
40 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 40 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
41 add_header X-Frame-Options DENY;
41 add_header X-Content-Type-Options nosniff; 42 add_header X-Content-Type-Options nosniff;
42 add_header X-XSS-Protection "1; mode=block"; 43 add_header X-XSS-Protection "1; mode=block";
43 add_header X-Robots-Tag none; 44 add_header X-Robots-Tag none;
@@ -103,6 +104,11 @@ server {
103 alias /var/www/peertube/storage/videos; 104 alias /var/www/peertube/storage/videos;
104 } 105 }
105 106
107 # Allow embeds
108 location /videos/embed {
109 proxy_hide_header X-Frame-Options;
110 }
111
106 # Websocket tracker 112 # Websocket tracker
107 location /tracker/socket { 113 location /tracker/socket {
108 # Peers send a message to the tracker every 15 minutes 114 # Peers send a message to the tracker every 15 minutes