Does anybody have a correct location config for v.15.0.2? Which directories should be readable / forbidden?
Did you notice any weird behaviour or is something not working?
I am curious because I am using the nginx config from the first link and expect my LDAP admin page problem everything seems to work fine.
The official config for Nginx may need update.
I found recently something like this reminder under Overview - Security & setup warnings
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.