Removed add_header X-Frame-Options DENY by suggestion of Christian Mock since it...
authorPepi Zawodsky <git@maclemon.at>
Fri, 29 Nov 2013 18:52:19 +0000 (19:52 +0100)
committerPepi Zawodsky <git@maclemon.at>
Fri, 29 Nov 2013 18:52:19 +0000 (19:52 +0100)
src/practical_settings/webserver.tex

index 55db017..ce668ce 100644 (file)
@@ -119,7 +119,6 @@ lighttpd httpS:// redirection: \url{http://redmine.lighttpd.net/projects/1/wiki/
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA';
   add_header Strict-Transport-Security max-age=2592000;
-  add_header X-Frame-Options DENY;
 \end{lstlisting}
 
 %% XXX FIXME: do we need to specify dhparams? Parameter: ssl_dhparam = file. See: http://wiki.nginx.org/HttpSslModule#ssl_protocols