From 6e9c664a18268d2cc76776d06a457b4e42edc050 Mon Sep 17 00:00:00 2001
From: Julen Landa Alustiza <jlanda@fedoraproject.org>
Date: Thu, 18 Jul 2019 23:13:07 +0200
Subject: [PATCH] Pagure: proper X-Frame-Options header in staging

---
 roles/pagure/frontend/templates/securityheaders.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/pagure/frontend/templates/securityheaders.conf b/roles/pagure/frontend/templates/securityheaders.conf
index 0ed22cfaa9..c1b1502a28 100644
--- a/roles/pagure/frontend/templates/securityheaders.conf
+++ b/roles/pagure/frontend/templates/securityheaders.conf
@@ -1,7 +1,9 @@
-Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/"
 Header always set X-Xss-Protection "1; mode=block"
 Header always set X-Content-Type-Options "nosniff"
 Header always set Referrer-Policy "same-origin"
-{% if env != 'pagure-staging' %}
+{% if env == 'pagure-staging' %}
+Header always set X-Frame-Options "ALLOW-FROM https://stg.pagure.io/"
+{% else %}
+Header always set X-Frame-Options "ALLOW-FROM https://pagure.io/"
 Header always set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org"
 {% endif %}