From 4bae3cb9fa4ac3a52af58470722b353e60143883 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Tue, 8 Oct 2019 14:29:57 +0200
Subject: [PATCH] add sameorigin header

---
 rootfs/etc/confd/templates/nextcloud.conf.tmpl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rootfs/etc/confd/templates/nextcloud.conf.tmpl b/rootfs/etc/confd/templates/nextcloud.conf.tmpl
index 46f46df..b20ff3c 100644
--- a/rootfs/etc/confd/templates/nextcloud.conf.tmpl
+++ b/rootfs/etc/confd/templates/nextcloud.conf.tmpl
@@ -16,6 +16,7 @@ server {
     add_header X-Download-Options noopen;
     add_header X-Permitted-Cross-Domain-Policies none;
     add_header Referrer-Policy no-referrer;
+    add_header X-Frame-Options "SAMEORIGIN" always;
 
     fastcgi_hide_header X-Powered-By;
 
@@ -28,11 +29,11 @@ server {
     }
 
     location = /.well-known/carddav {
-        return 301 $scheme://$host/remote.php/dav;
+      return 301 $scheme://$host:$server_port/remote.php/dav;
     }
 
     location = /.well-known/caldav {
-        return 301 $scheme://$host/remote.php/dav;
+      return 301 $scheme://$host:$server_port/remote.php/dav;
     }
 
     client_max_body_size {{getenv "MAX_UPLOAD_SIZE"}};