From d40cd86bf56973d7217ad44737e3890b6e7f1ad5 Mon Sep 17 00:00:00 2001
From: Rigel Kent <par@rigelk.eu>
Date: Tue, 20 Mar 2018 17:28:41 +0100
Subject: Selective route permission to use embeds, fixes #322 in a better way
 (#364)

---
 support/nginx/peertube | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'support')

diff --git a/support/nginx/peertube b/support/nginx/peertube
index e94eac5e8..bde0b18e8 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -38,6 +38,7 @@ server {
   # resolver_timeout 5s;
 
   add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+  add_header X-Frame-Options DENY;
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Robots-Tag none;
@@ -103,6 +104,11 @@ server {
     alias /var/www/peertube/storage/videos;
   }
 
+  # Allow embeds
+  location /videos/embed {
+    proxy_hide_header X-Frame-Options;
+  }
+
   # Websocket tracker
   location /tracker/socket {
     # Peers send a message to the tracker every 15 minutes
-- 
cgit v1.2.3