2
0
mirror of https://github.com/offen/website.git synced 2024-11-22 09:00:28 +01:00

add additional security related headers to nginx configuration

This commit is contained in:
Frederik Ring 2019-09-26 16:55:57 +02:00
parent 3d9470eec4
commit d68b5c2cf7

View File

@ -29,6 +29,9 @@ http {
expires $expires; expires $expires;
add_header Content-Security-Policy $csp; add_header Content-Security-Policy $csp;
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains'; add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
add_header Referrer-Policy 'origin-when-cross-origin';
add_header X-Content-Type-Options 'nosniff';
add_header X-XSS-Protection '1; mode=block';
location /api/ { location /api/ {
proxy_pass http://server; proxy_pass http://server;