Remove X-Pi-hole header

Also adds `X-Frame-Options: DENY` for the admin directory, so that
an ad can't load it into a frame
This commit is contained in:
Mcat12 2016-05-02 18:51:02 -04:00
parent ba283755be
commit 7bc2844b9d

View file

@ -46,13 +46,11 @@ include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
# If the URL starts with /admin, it is the Web interface # If the URL starts with /admin, it is the Web interface
$HTTP["url"] =~ "^/admin/" { $HTTP["url"] =~ "^/admin/" {
# Create a response header for debugging using curl -I # Create a response header for debugging using curl -I
setenv.add-response-header = ( "X-Pi-hole" => "The Pi-hole Web interface is working!" ) setenv.add-response-header = ( "X-Frame-Options" => "DENY" )
} }
# If the URL does not start with /admin, then it is a query for an ad domain # If the URL does not start with /admin, then it is a query for an ad domain
$HTTP["url"] =~ "^(?!/admin)/.*" { $HTTP["url"] =~ "^(?!/admin)/.*" {
# Create a response header for debugging using curl -I # rewrite only js requests
setenv.add-response-header = ( "X-Pi-hole" => "A black hole for Internet advertisements." ) url.rewrite = ("(.*).js" => "pihole/index.js")
# rewrite only js requests
url.rewrite = ("(.*).js" => "pihole/index.js")
} }