diff --git a/.htaccess b/.htaccess
index 78766692fe..22cbcce713 100755
--- a/.htaccess
+++ b/.htaccess
@@ -1,19 +1,22 @@
# redirect to public page
-
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !^public$
- RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
- RewriteRule "^(.*)$" "/public/" [R=301,L]
-
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_URI} !^public$
+ RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+ RewriteRule "^(.*)$" "/public/" [R=301,L]
+
# disable directory browsing
# For security reasons, Option all cannot be overridden.
Options +SymLinksIfOwnerMatch -Indexes
-Header always set X-Frame-Options SAMEORIGIN
# prevent folder listing
IndexIgnore *
+
+ Header always set X-Frame-Options "SAMEORIGIN"
+
+
# Apache 2.4
# secure htaccess file
diff --git a/Dockerfile b/Dockerfile
index ebef9c6903..aa3118aa58 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
openssl
-RUN a2enmod rewrite
+RUN a2enmod rewrite headers
RUN docker-php-ext-install mysqli bcmath intl gd
RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
diff --git a/public/.htaccess b/public/.htaccess
index 20aeda3d83..e491849b60 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -24,6 +24,10 @@ RewriteRule ^(.*)$ index.php?/$1 [L]
#Options All -Indexes
Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
+
+ Header always set X-Frame-Options "SAMEORIGIN"
+
+
# prevent folder listing
IndexIgnore *
@@ -60,4 +64,4 @@ IndexIgnore *
ExpiresActive On
ExpiresDefault "access plus 1 week"
-
\ No newline at end of file
+