From cb63d17a2fccb6a5ddffd129494e0bc0554f4037 Mon Sep 17 00:00:00 2001
From: wiz
Date: Wed, 23 Oct 2024 22:12:26 +0900
Subject: [PATCH] ops: Don't always set frameoptions in nginx
---
 production/nginx/server-common.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/production/nginx/server-common.conf b/production/nginx/server-common.conf
index 2f84cda7f..9a2a582c0 100644
--- a/production/nginx/server-common.conf
+++ b/production/nginx/server-common.conf
@@ -8,8 +8,11 @@ add_header Onion-Location http://$onion.onion$request_uri;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 # generate frame configuration from origin header
-set $frameOptions "DENY";
-set $contentSecurityPolicy "frame-ancestors 'none'";
+if ($frameOptions = '')
+{
+ set $frameOptions "DENY";
+ set $contentSecurityPolicy "frame-ancestors 'none'";
+}
 # used for iframes on https://mempool.space/network
 if ($http_referer ~ ^https://mempool.space/)
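Review bot: The new guard `if ($frameOptions = '')` tests only `$frameOptions`, yet it also decides whether `$contentSecurityPolicy` receives its `frame-ancestors 'none'` default, so a server block that pre-sets the first variable and not the second can lose the CSP framing restriction that was unconditional before this change. Guarding each default separately keeps deny-by-default for whichever value the includer leaves unset: `if ($frameOptions = '') { set $frameOptions "DENY"; }` and `if ($contentSecurityPolicy = '') { set $contentSecurityPolicy "frame-ancestors 'none'"; }`. The override contract is also undocumented; a comment such as `# includers may "set" $frameOptions and $contentSecurityPolicy before this include; unset values default to deny` would make the required ordering explicit, since rewrite-module directives run in order of appearance. Where the variable has not been set by the includer, nginx will likely log an "using uninitialized variable" warning per request unless that warning is disabled. How the two variables reach `add_header` lies outside this hunk, so the impact should be confirmed against the rest of the file.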