From 4daa34091b4e91acb81a8742db1796db034c2351 Mon Sep 17 00:00:00 2001
From: "Benjamin W. Broersma"
Date: Wed, 13 Dec 2023 15:06:38 +0100
Subject: [PATCH] [1.8.x] Fix headers for www-hostname

Fixes https://github.com/internetstandards/Internet.nl/issues/1210.

Signed-off-by: Benjamin W. Broersma
(cherry picked from commit f15c239c3303e61e928a189adacf144dab7cbe25)
---
 docker/webserver/nginx_templates/app.conf.template | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/webserver/nginx_templates/app.conf.template b/docker/webserver/nginx_templates/app.conf.template
index 9cc9b82c0..45ce66244 100644
--- a/docker/webserver/nginx_templates/app.conf.template
+++ b/docker/webserver/nginx_templates/app.conf.template
@@ -133,6 +133,14 @@ server {
 allow all;
 }
 
+ add_header 'X-Frame-Options' 'SAMEORIGIN' always;
+ add_header 'X-Content-Type-Options' 'nosniff' always;
+ add_header 'X-Clacks-Overhead' 'GNU Terry Pratchett' always;
+ add_header 'Referrer-Policy' 'same-origin' always;
+ add_header 'X-XSS-Protection' '1; mode=block' always;
+ add_header 'Strict-Transport-Security' 'max-age=31536000;' always;
+ add_header 'Content-Security-Policy' "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'" always;
+
 # redirect to no-www domainname
 location ~ /(.*) {
 return 301 https://${INTERNETNL_DOMAINNAME}$request_uri;
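Review bot: The two framing controls added here disagree: `X-Frame-Options` is `SAMEORIGIN` while the CSP sets `frame-ancestors 'none'`, so browsers that honour `frame-ancestors` refuse all framing and only older ones fall back to allowing same-origin framing. Since the visible part of this server block only redirects to the no-www name, `add_header 'X-Frame-Options' 'DENY' always;` would make both headers express the same policy. Separately, nginx applies server-level `add_header` directives only to locations that declare no `add_header` of their own; the location closing with `allow all; }` starts above the hunk, so it is worth confirming it has none, otherwise its responses lose every header in this list, HSTS included. A comment above the list such as `# a location with its own add_header must repeat these headers` would record that for the next edit. The `server` block starts and ends outside the hunk.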