hubert/SimpleNotes
1
0
Fork 0
Code Projects Releases Activity

Add security headers

Browse Source
This commit is contained in:
Hubert Van De Walle 2020-04-30 22:34:20 +02:00
parent 6d215742d6
commit 78fead89cb
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
frontend/nuxt.config.js
View File

@ -120,6 +120,7 @@ export default {
** Build configuration ** Build configuration
*/ */
build: { build: {
extractCSS: true,
/* /*
** You can extend webpack config here ** You can extend webpack config here
*/ */

12
nginx/server.conf
View File

@ -24,6 +24,17 @@ server {
location / { location / {
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.html index.htm; index index.html index.htm;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# FIXME disable inlines in webpack
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;";
add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "origin" always;
} }
error_page 500 502 503 504 /50x.html; error_page 500 502 503 504 /50x.html;
@ -37,4 +48,3 @@ server {
} }
} }