The only noteworthy change is I opted to send X-Frame-Options: DENY instead of X-Frame-Options: SAMEORIGIN as it's more restrictive, and I don't believe Lemmy needs anything more lax. It is also in line with the documentation instructions from install from scratch, which uses the nginx.conf from this repository, which uses X-Frame-Options: DENY.
The only noteworthy change is I opted to send
X-Frame-Options: DENY
instead ofX-Frame-Options: SAMEORIGIN
as it's more restrictive, and I don't believe Lemmy needs anything more lax. It is also in line with the documentation instructions from install from scratch, which uses the nginx.conf from this repository, which usesX-Frame-Options: DENY
.Before
After