hubert/SimpleNotes
1
0
Fork 0
Code Projects Releases Activity

Add security headers

Browse Source
This commit is contained in:
Hubert Van De Walle
2020-04-30 22:34:20 +02:00
parent 6d215742d6
commit 78fead89cb
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx/server.conf
+11 -1
View File
@@ -24,6 +24,17 @@ server {
location / {
root /usr/share/nginx/html;
index index.html index.htm;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# FIXME disable inlines in webpack
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "origin" always;
}
error_page 500 502 503 504 /50x.html;
@@ -37,4 +48,3 @@ server {
}
}