From 418899d4256dfdde46dea1d375fd327db3c31845 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 27 Feb 2019 17:52:30 +1000 Subject: [PATCH 1/5] Version bump --- README.md | 2 +- doc/DOCKERHUB.md | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 38d3c664..d417ff2a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # Nginx Proxy Manager -![Version](https://img.shields.io/badge/version-2.0.9-green.svg?style=for-the-badge) +![Version](https://img.shields.io/badge/version-2.0.10-green.svg?style=for-the-badge) ![Stars](https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge) ![Pulls](https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge) diff --git a/doc/DOCKERHUB.md b/doc/DOCKERHUB.md index b7f017ca..911a0837 100644 --- a/doc/DOCKERHUB.md +++ b/doc/DOCKERHUB.md @@ -2,7 +2,7 @@ # Nginx Proxy Manager -![Version](https://img.shields.io/badge/version-2.0.9-green.svg?style=for-the-badge) +![Version](https://img.shields.io/badge/version-2.0.10-green.svg?style=for-the-badge) ![Stars](https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge) ![Pulls](https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge) diff --git a/package.json b/package.json index 3db398eb..5b0533a9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "nginx-proxy-manager", - "version": "2.0.9", + "version": "2.0.10", "description": "A beautiful interface for creating Nginx endpoints", "main": "src/backend/index.js", "devDependencies": { From 5a9a716ca6f99aed02bbd4ba4da8528758d08428 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 1 Mar 2019 20:12:49 +1000 Subject: [PATCH 2/5] CI: Prevent having to spin up resources when not Master branch --- Jenkinsfile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c31f7e01..d4e0da0c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -81,11 +81,11 @@ pipeline { } } stage('Build Master') { + when { + branch 'master' + } parallel { stage('x86_64') { - when { - branch 'master' - } steps { ansiColor('xterm') { // Codebase @@ -127,9 +127,6 @@ pipeline { } } stage('armhf') { - when { - branch 'master' - } agent { label 'armhf' } @@ -173,9 +170,6 @@ pipeline { } } stage('arm64') { - when { - branch 'master' - } agent { label 'arm64' } From 0acec1105bb2c29e1e03a81cfb05a6426b3e2a20 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 1 Mar 2019 20:12:49 +1000 Subject: [PATCH 3/5] CI: Prevent having to spin up resources when not Master branch --- Jenkinsfile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c31f7e01..d76d275e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -81,11 +81,11 @@ pipeline { } } stage('Build Master') { + when { + branch: 'master' + } parallel { stage('x86_64') { - when { - branch 'master' - } steps { ansiColor('xterm') { // Codebase @@ -127,9 +127,6 @@ pipeline { } } stage('armhf') { - when { - branch 'master' - } agent { label 'armhf' } @@ -173,9 +170,6 @@ pipeline { } } stage('arm64') { - when { - branch 'master' - } agent { label 'arm64' } From aad9ecde6bf7be183fe598b10d7cb50569ca914e Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 1 Mar 2019 20:12:49 +1000 Subject: [PATCH 4/5] CI: Prevent having to spin up resources when not Master branch --- Jenkinsfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index abd3db30..d4e0da0c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -82,11 +82,7 @@ pipeline { } stage('Build Master') { when { -<<<<<<< HEAD branch 'master' -======= - branch: 'master' ->>>>>>> 0acec1105bb2c29e1e03a81cfb05a6426b3e2a20 } parallel { stage('x86_64') { From 6f1d38a0e2c27cbb117782503abea133e20be806 Mon Sep 17 00:00:00 2001 From: jc21 Date: Mon, 4 Mar 2019 10:16:46 +1000 Subject: [PATCH 5/5] Fixes #88 - Allow specifying X-FRAME-OPTIONS with an environment variable (#89) --- doc/INSTALL.md | 20 ++++++++++++++++++++ src/backend/app.js | 8 +++++++- src/backend/index.js | 2 -- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/doc/INSTALL.md b/doc/INSTALL.md index b7e16056..3b06e410 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -143,3 +143,23 @@ Password: changeme ``` Immediately after logging in with this default user you will be asked to modify your details and change your password. + + +### Advanced Options + +#### X-FRAME-OPTIONS Header + +You can configure the [`X-FRAME-OPTIONS`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) header +value by specifying it as a Docker environment variable. The default if not specified is `deny`. + +```yml + ... + environment: + X_FRAME_OPTIONS: "sameorigin" + ... +``` + +``` +... -e "X_FRAME_OPTIONS=sameorigin" ... +``` + diff --git a/src/backend/app.js b/src/backend/app.js index e433013a..59802755 100644 --- a/src/backend/app.js +++ b/src/backend/app.js @@ -40,11 +40,17 @@ app.use(require('./lib/express/cors')); // General security/cache related headers + server header app.use(function (req, res, next) { + let x_frame_options = 'DENY'; + + if (typeof process.env.X_FRAME_OPTIONS !== 'undefined' && process.env.X_FRAME_OPTIONS) { + x_frame_options = process.env.X_FRAME_OPTIONS; + } + res.set({ 'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload', 'X-XSS-Protection': '0', 'X-Content-Type-Options': 'nosniff', - 'X-Frame-Options': 'DENY', + 'X-Frame-Options': x_frame_options, 'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate', Pragma: 'no-cache', Expires: 0 diff --git a/src/backend/index.js b/src/backend/index.js index cd0a7818..d97450e4 100644 --- a/src/backend/index.js +++ b/src/backend/index.js @@ -1,7 +1,5 @@ #!/usr/bin/env node -'use strict'; - const logger = require('./logger').global; function appStart () {