From 790066c99d1c82438d68ef18fd88149b9bde64da Mon Sep 17 00:00:00 2001
From: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
Date: Sun, 3 Sep 2023 13:57:00 +0000
Subject: [PATCH] Add missing headers.conf
Signed-off-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
---
etc/nginx/headers.conf | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 etc/nginx/headers.conf
diff --git a/etc/nginx/headers.conf b/etc/nginx/headers.conf
new file mode 100644
index 0000000..e4ec5ea
--- /dev/null
+++ b/etc/nginx/headers.conf
@@ -0,0 +1,8 @@
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
+add_header Referrer-Policy "same-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "0" always;
+add_header Cross-Origin-Resource-Policy cross-origin;
+add_header Cross-Origin-Opener-Policy same-origin;
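Review bot: The `Permissions-Policy`, `Cross-Origin-Resource-Policy` and `Cross-Origin-Opener-Policy` lines omit the `always` parameter that the other five `add_header` lines carry, so nginx will leave those three headers off error responses (4xx/5xx), which only receive headers marked `always`. Append `always` to each, e.g. `add_header Cross-Origin-Resource-Policy cross-origin always;` and `add_header Cross-Origin-Opener-Policy same-origin always;`, and likewise before the closing `;` of the Permissions-Policy line. The include sites are not part of this patch, so a comment at the top of the file would help: `# add_header is inherited only if the current level defines none; re-include this file in any server/location block that sets its own add_header`. Separately, `Cross-Origin-Resource-Policy cross-origin` is the most permissive value and lets any origin embed these responses; if that is not intended, `same-site` or `same-origin` would be tighter.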