From d536a8c10ff9788c4f1bbaa86ab2910888d5ff01 Mon Sep 17 00:00:00 2001 From: Mike Tzou Date: Fri, 24 Jan 2020 12:33:25 +0800 Subject: [PATCH] Comment out unsafe directives by default --- NGINX-Reverse-Proxy-for-Web-UI.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/NGINX-Reverse-Proxy-for-Web-UI.md b/NGINX-Reverse-Proxy-for-Web-UI.md index d493e23..0df4135 100644 --- a/NGINX-Reverse-Proxy-for-Web-UI.md +++ b/NGINX-Reverse-Proxy-for-Web-UI.md @@ -11,10 +11,10 @@ location /qbt/ { # You should consider disable "Enable Cross-site request forgery (CSRF) protection" # setting in qBittorrent instead of using these directives to tamper the headers. # The setting is located under "Options -> WebUI tab" in qBittorrent since v4.1.2. - proxy_hide_header Referer; - proxy_hide_header Origin; - proxy_set_header Referer ''; - proxy_set_header Origin ''; + #proxy_hide_header Referer; + #proxy_hide_header Origin; + #proxy_set_header Referer ''; + #proxy_set_header Origin ''; # Not needed since qBittorrent v4.1.0 #add_header X-Frame-Options "SAMEORIGIN";