fix default of npmplus_x_frame_options in custom locations again

Zoey2936 · Zoey2936 · commit 94a0e4a42fd8 · 2026-02-15T10:09:23.000+01:00
diff --git a/backend/templates/_proxy_host_custom_location.conf b/backend/templates/_proxy_host_custom_location.conf
@@ -12,10 +12,13 @@ location {{ location_type }}{{ path }} {
   {% if npmplus_noindex == true %}include noindex-nofollow.conf;{% endif %}
   {% if npmplus_crowdsec_appsec == true %}set $crowdsec_disable_appsec 1;{% endif %}
 
-  {% if npmplus_x_frame_options == "none" %}
+  {% if npmplus_x_frame_options == "upstream" %}
+  {% elsif npmplus_x_frame_options == "none" %}
      more_clear_headers "X-Frame-Options";
-  {% elsif npmplus_x_frame_options == "upstream" %}{% else %}
-     more_set_headers "X-Frame-Options: {{ npmplus_x_frame_options }}";
+  {% elsif npmplus_x_frame_options == "DENY" %}
+     more_set_headers "X-Frame-Options: DENY";
+  {% else %}
+     more_set_headers "X-Frame-Options: SAMEORIGIN";
   {% endif %}
 
   {% if forward_scheme == "http" or forward_scheme == "https" %}
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
@@ -35,11 +35,14 @@
         {% if npmplus_noindex == true %}include noindex-nofollow.conf;{% endif %}
         {% if npmplus_crowdsec_appsec == true %}set $crowdsec_disable_appsec 1;{% endif %}
 
-          {% if npmplus_x_frame_options == "none" %}
-            more_clear_headers "X-Frame-Options";
-          {% elsif npmplus_x_frame_options == "upstream" %}{% else %}
-            more_set_headers "X-Frame-Options: {{ npmplus_x_frame_options }}";
-          {% endif %}
+        {% if npmplus_x_frame_options == "upstream" %}
+        {% elsif npmplus_x_frame_options == "none" %}
+           more_clear_headers "X-Frame-Options";
+        {% elsif npmplus_x_frame_options == "DENY" %}
+           more_set_headers "X-Frame-Options: DENY";
+        {% else %}
+           more_set_headers "X-Frame-Options: SAMEORIGIN";
+        {% endif %}
 
         {% if forward_scheme == "http" or forward_scheme == "https" %}
 
diff --git a/frontend/src/components/Form/LocationsFields.tsx b/frontend/src/components/Form/LocationsFields.tsx
@@ -357,8 +357,8 @@ export function LocationsFields({ initialValues, name = "locations" }: Props) {
 													>
 														<option value="SAMEORIGIN">SAMEORIGIN</option>
 														<option value="DENY">DENY</option>
-														<option value="upstream">upstream</option>
 														<option value="none">none</option>
+														<option value="upstream">upstream</option>
 													</select>
 												</label>
 											</span>
diff --git a/frontend/src/modals/ProxyHostModal.tsx b/frontend/src/modals/ProxyHostModal.tsx
@@ -544,10 +544,10 @@ const ProxyHostModal = EasyModal.create(({ id, isClone = false, visible, remove
 																						SAMEORIGIN
 																					</option>
 																					<option value="DENY">DENY</option>
+																					<option value="none">none</option>
 																					<option value="upstream">
 																						upstream
 																					</option>
-																					<option value="none">none</option>
 																				</select>
 																				{form.errors.npmplusXFrameOptions ? (
 																					<div className="invalid-feedback">
diff --git a/rootfs/usr/local/bin/envs.sh b/rootfs/usr/local/bin/envs.sh
@@ -726,7 +726,7 @@ if [ "$GOA" = "true" ] && [ "$LOGROTATE" = "false" ]; then
 fi
 
 
-export TV="11"
+export TV="12"
 if [ ! -s /data/npmplus/env.sha512sum ] || [ "$(cat /data/npmplus/env.sha512sum)" != "$( (grep "env\.[A-Z0-9_]\+" -roh /app/templates | sed "s|env.||g" | sort | uniq | xargs printenv; echo "$TV") | tr -d "\n" | sha512sum | cut -d" " -f1)" ]; then
     echo "At least one env or the template version changed, all hosts will be regenerated. Please make sure to read the changelog."
     export REGENERATE_ALL="true"
