Add HTTP headers for HSTS, XSS protection, disabling referrer and dis…
…abling content type sniffing
shesek committed Feb 26, 2019
1 parent 8b5b9c5 commit 208cdb6
Showing 1 changed file with 6 additions and 2 deletions.
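--- a/contrib/nginx.conf.in
+++ b/contrib/nginx.conf.in
@@ -21,8 +21,12 @@ server {
 keepalive_timeout 15;
 access_log off;
 server_tokens off;
-add_header X-Frame-Options SAMEORIGIN;
-add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' ";
+add_header X-Frame-Options SAMEORIGIN always;
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'" always;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "no-referrer" always;
 
 location /{NGINX_PATH}api/ {
 proxy_pass http://backend/;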
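Review bot: The new Strict-Transport-Security line commits every deployment of this template to `includeSubDomains; preload` with a two-year max-age, which binds all subdomains of the operator's domain to HTTPS and is slow to undo once browsers have cached it or the domain is on a preload list. For a shared template a safer default is `add_header Strict-Transport-Security "max-age=63072000" always;` with a comment above it such as `# add includeSubDomains/preload only if every subdomain is served over HTTPS`. Browsers ignore HSTS received over plain HTTP, so the header only takes effect if this server block is served over TLS, which is not visible in the hunk. A second comment would help future editors: nginx inherits server-level `add_header` directives only into locations that declare none of their own, so a location that adds any header (the `location /{NGINX_PATH}api/` block continues outside the hunk) would drop all six.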
