external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-18 18:07:22 +01:00
Code Issues Releases Wiki Activity

updates on nginx security headers

Browse Source
This commit is contained in:
KiekerJan
2022-04-18 21:16:21 +02:00
parent f1bc7187b2
commit 0392b07008
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
conf/nginx-primaryonly.conf
View File

@@ -36,6 +36,8 @@
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "strict-origin";
}
# Nextcloud configuration.

5
conf/nginx/security.conf
View File

@@ -1,5 +0,0 @@
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy-Report-Only "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;frame-ancestors 'self'";
add_header Referrer-Policy "strict-origin";