From 3f69614f0295e1f017e18f942e822a0d9f324bce Mon Sep 17 00:00:00 2001
From: Merlin Dienst
Date: Fri, 22 Jul 2022 08:39:30 +0200
Subject: [PATCH 1/3] Added XFRAME_SAMEORIGIN env to nginx config
---
 openvidu-server/deployments/ce/docker-compose/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
index 453be5825d..39812a002e 100644
--- a/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
+++ b/openvidu-server/deployments/ce/docker-compose/docker-compose.yml
@@ -107,6 +107,7 @@ services:
 - PROXY_HTTPS_PROTOCOLS=${HTTPS_PROTOCOLS:-}
 - PROXY_HTTPS_CIPHERS=${HTTPS_CIPHERS:-}
 - PROXY_HTTPS_HSTS=${HTTPS_HSTS:-}
+ - XFRAME_SAMEORIGIN=${XFRAME_SAMEORIGIN:-}
 - ALLOWED_ACCESS_TO_DASHBOARD=${ALLOWED_ACCESS_TO_DASHBOARD:-}
 - ALLOWED_ACCESS_TO_RESTAPI=${ALLOWED_ACCESS_TO_RESTAPI:-}
 - PROXY_MODE=CE
From b3dbbafd4523d7a7cec98b4c2afb000e88e1fd6e Mon Sep 17 00:00:00 2001
From: Merlin Dienst
Date: Fri, 22 Jul 2022 08:52:02 +0200
Subject: [PATCH 2/3] Moved X-Frame-Options to actually have an effect
---
 .../docker/openvidu-proxy/default_nginx_conf/ce/default.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf
index 6927a8591e..f1b0ab9626 100644
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/ce/default.conf
@@ -1,5 +1,3 @@
-{xframe_options}
-
 {app_upstream}
 upstream openviduserver {
@@ -36,6 +34,8 @@ server {
 {ssl_config}
 {proxy_config}
+
+ {xframe_options}
 {app_config}
From 8b741ceaccffff7100a0b3462a58dad05fa95cb2 Mon Sep 17 00:00:00 2001
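Review bot: The added `XFRAME_SAMEORIGIN=${XFRAME_SAMEORIGIN:-}` line in the CE docker-compose.yml falls back to an empty string, and nothing visible in this series says what the proxy does with an empty value, so an operator cannot tell from the compose file whether framing protection is on or off by default. A comment above the entry would settle it, for example `# XFRAME_SAMEORIGIN: empty keeps the proxy's default framing policy (confirm in the entrypoint); set it to restrict framing to the same origin`. Patch 3/3 moves the same `{xframe_options}` placeholder in the pro template, but only the CE compose file is updated in this series, so it is worth checking that the pro deployment passes the variable too.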
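Review bot: Placing `{xframe_options}` at server level in ce/default.conf (hunk `@@ -36,6 +34,8 @@`) addresses only one level of nginx's `add_header` inheritance: a block inherits `add_header` directives from the enclosing level only when it declares none of its own. Assuming the placeholder expands to an `add_header X-Frame-Options ...;` directive, any `location` in this server block, or anything `{app_config}` expands to, that sets its own `add_header` will again respond without the header. The same applies to the pro/default.conf hunk in patch 3/3. A comment next to the placeholder would keep this visible, e.g. `# add_header is not inherited by blocks that declare their own add_header; repeat these headers there`. The server block continues outside the hunk, so its locations cannot be checked from here.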
From: Merlin Dienst
Date: Fri, 22 Jul 2022 08:52:58 +0200
Subject: [PATCH 3/3] Moved HEader options to actually have an effect
---
 .../openvidu-proxy/default_nginx_conf/pro/default.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
index ea6f4884b8..6f1f437d0b 100644
--- a/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
+++ b/openvidu-server/docker/openvidu-proxy/default_nginx_conf/pro/default.conf
@@ -1,8 +1,3 @@
-{xframe_options}
-
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";
-
 {app_upstream}
 upstream kibana {
@@ -62,6 +57,11 @@ server {
 {proxy_config}
 {app_config}
+
+ {xframe_options}
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
 ########################
 # OpenVidu Locations #
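Review bot: The two `add_header` lines moved into the server block of pro/default.conf (hunk `@@ -62,6 +57,11 @@`) omit the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes and error responses go out without them. Suggested: `add_header X-Content-Type-Options nosniff always;`. Separately, `X-XSS-Protection "1; mode=block"` is ignored by current browsers, whose XSS auditors have been removed, and OWASP's guidance is to send `0` or drop the header in favour of a Content-Security-Policy, so that line could become `add_header X-XSS-Protection "0" always;`. The server block continues past the end of the hunk.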