mirror of
https://github.com/offen/website.git
synced 2024-12-23 13:30:20 +01:00
Merge pull request #2 from offen/dupe-headers
Strip app level headers in nginx
This commit is contained in:
commit
eceb284302
@ -28,10 +28,15 @@ http {
|
||||
autoindex on;
|
||||
root /www/data;
|
||||
expires $expires;
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
add_header Content-Security-Policy $csp;
|
||||
proxy_hide_header Strict-Transport-Security;
|
||||
add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
|
||||
proxy_hide_header Referrer-Policy;
|
||||
add_header Referrer-Policy 'origin-when-cross-origin';
|
||||
proxy_hide_header X-Content-Type-Options;
|
||||
add_header X-Content-Type-Options 'nosniff';
|
||||
proxy_hide_header X-XSS-Protection;
|
||||
add_header X-XSS-Protection '1; mode=block';
|
||||
|
||||
location /api/ {
|
||||
|
Loading…
Reference in New Issue
Block a user