From e200a3bbb5c24b21399c90d9f94caeb2f19bad1e Mon Sep 17 00:00:00 2001
From: anmol26s <github@datamol.org>
Date: Sun, 15 Jul 2018 16:57:54 +0530
Subject: [PATCH] only allow x-frame to /video/embed path for security

---
 conf/nginx.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index e2ac7bd..5d37dd1 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,5 @@
-	proxy_hide_header X-Frame-Options;
+	add_header X-Frame-Options https://__DOMAIN__/videos/embed;
+	
 	location ~ ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ {
     add_header Cache-Control "public, max-age=31536000, immutable";