From 9a5afd09faa8206e9eb88ddb84e7678c3e180bee Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Tue, 15 Mar 2016 15:46:49 +0100
Subject: [PATCH] Force X-Frame-Options SAMEORIGIN for Nagios (closes #17)

---
 templates/etc/nginx/sites-available/_base.j2    |  2 ++
 templates/etc/nginx/sites-available/_nagios3.j2 | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index 8fb6432..9da738c 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -60,11 +60,13 @@ server {
 {{ htpasswd(item.htpasswd, 1) }}
 {% endif %}
 
+{% block template_headers %}
 	# --> Custom headers
 {% for key, value in __headers.iteritems() %}
 	add_header {{ key }} {{ value | replace(' always', '') }}{% if nginx_version.stdout | version_compare('1.7.5', 'ge') and ' always' in value %} always{% endif %};
 {% endfor %}
 	# <-- Custom headers
+{% endblock %}
 
 {% if not __location.has_key('/') %}
 	location / {
diff --git a/templates/etc/nginx/sites-available/_nagios3.j2 b/templates/etc/nginx/sites-available/_nagios3.j2
index e49b0ac..aebb0ee 100644
--- a/templates/etc/nginx/sites-available/_nagios3.j2
+++ b/templates/etc/nginx/sites-available/_nagios3.j2
@@ -11,6 +11,20 @@
 	index index.php index.html;
 {% endblock %}
 
+{% block template_headers %}
+	# --> Custom headers
+{% for key, value in __headers.iteritems() %}
+{% if key == "X-Frame-Options" %}
+	# X-Frame-Options forced by Ansible
+	add_header {{ key }} SAMEORIGIN{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %};
+{% else %}
+	add_header {{ key }} {{ value | replace(' always', '') }}{% if nginx_version.stdout | version_compare('1.7.5', 'ge') and ' always' in value %} always{% endif %};
+{% endif %}
+{% endfor %}
+	# <-- Custom headers
+{% endblock %}
+
+
 {% block template_local_content %}
 	location ~ /\.ht {
 		deny all;