From cf429a80412c03a6809d1956253899744bdeb050 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= <theo.barnouin@protonmail.com>
Date: Wed, 16 Oct 2024 12:13:08 +0200
Subject: [PATCH] Allow x-frame on same origin in order for jellyfin SSO to
 work

---
 services/nginx/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index 498c894..d6b3bc6 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -63,7 +63,7 @@ in
           add_header 'Referrer-Policy' 'origin-when-cross-origin';
 
           # Disable embedding as a frame
-          add_header X-Frame-Options DENY;
+          add_header X-Frame-Options SAMEORIGIN;
 
           # Prevent injection of code in other mime types (XSS Attacks)
           add_header X-Content-Type-Options nosniff;