2
0
mirror of https://github.com/offen/website.git synced 2024-12-23 13:30:20 +01:00

Merge pull request #2 from offen/dupe-headers

Strip app level headers in nginx
This commit is contained in:
Frederik Ring 2019-10-17 15:19:12 +02:00 committed by GitHub
commit eceb284302
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -28,10 +28,15 @@ http {
autoindex on;
root /www/data;
expires $expires;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy $csp;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy 'origin-when-cross-origin';
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options 'nosniff';
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection '1; mode=block';
location /api/ {