Skip to content

Commit

Permalink
[1.8.x] Fix headers for www-hostname
Browse files Browse the repository at this point in the history 
Fixes #1210.

Signed-off-by: Benjamin W. Broersma <[email protected]>
(cherry picked from commit f15c239)
  • Loading branch information
@bwbroersma @mxsasha
bwbroersma authored and mxsasha committed Dec 13, 2023
1 parent b3c9f12 commit 4daa340
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions docker/webserver/nginx_templates/app.conf.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,14 @@ server {
allow all;
}

add_header 'X-Frame-Options' 'SAMEORIGIN' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
add_header 'X-Clacks-Overhead' 'GNU Terry Pratchett' always;
add_header 'Referrer-Policy' 'same-origin' always;
add_header 'X-XSS-Protection' '1; mode=block' always;
add_header 'Strict-Transport-Security' 'max-age=31536000;' always;
add_header 'Content-Security-Policy' "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'" always;

# redirect to no-www domainname
location ~ /(.*) {
return 301 https://${INTERNETNL_DOMAINNAME}$request_uri;
Expand Down

0 comments on commit 4daa340

Please sign in to comment.