X-Frame-Options SAMEORIGIN
After upgrading an old instance to 17, there is a warning in /settings/admin:
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
Adding
add_header X-Frame-Options "SAMEORIGIN";
right after https://lab.libreho.st/libre.sh/compose/nextcloud/blob/37f442064b61beece7fe2a2271e412e5a5c75ab2/nginx.conf#L18 as in https://lab.libreho.st/libre.sh/compose/nextcloud/blob/37f442064b61beece7fe2a2271e412e5a5c75ab2/nginx.conf#L90 below helped circumvent this message.
Would we agree this is the right thing to do for everyone using this setup? Then a PR is imminent.
Found this after 37f44206 (comment 721)
Edited by jon r
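An added example, not part of the original issue or the libre.sh repository: nginx passes `add_header` directives down from the enclosing level only when the current block defines none of its own, so a header set in one place can be missing from the responses of another block. The sketch below reports the `server` and `location` blocks whose effective headers lack `X-Frame-Options: SAMEORIGIN`; the configuration in `SAMPLE_CONF` is constructed for illustration, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample, not the repository's nginx.conf.
SAMPLE_CONF = r"""
server {
    listen 80;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    location / { try_files $uri /index.php; }
    location ~ \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=15778463";  # drops inherited headers
    }
    location ~ \.php$ {
        add_header Cache-Control "no-store";
        add_header X-Frame-Options "SAMEORIGIN";
    }
}
"""

def parse_blocks(conf):
    """Build a tree of blocks, recording each block's own add_header directives.
    Simplified: assumes no '{', '}', ';' or '#' inside quoted strings or regexes."""
    conf = re.sub(r"#[^\n]*", "", conf)
    root = {"name": "main", "own": {}, "children": []}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", conf):
        if tok == "{":
            node = {"name": " ".join(pending.split()), "own": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and pending.split()[:1] == ["add_header"]:
            parts = shlex.split(pending)
            if len(parts) >= 3:
                stack[-1]["own"][parts[1].lower()] = parts[2]
        pending = "" if tok in ("{", "}", ";") else tok
    return root

def missing_frame_options(conf):
    """Return paths of server/location blocks that do not send SAMEORIGIN."""
    flagged = []
    def walk(node, inherited, path):
        effective = node["own"] or inherited  # own add_header lines replace inherited ones
        here = path + [node["name"]]
        if node["name"].startswith(("server", "location")) and \
                effective.get("x-frame-options", "").upper() != "SAMEORIGIN":
            flagged.append(" > ".join(here[1:]))
        for child in node["children"]:
            walk(child, effective, here)
    walk(parse_blocks(conf), {}, [])
    return flagged
```

On the sample, only the static-asset location is reported, because its own `Cache-Control` line replaces the headers inherited from `server`.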