From afe32081eb33773a4e3230dd89756204cb48a089 Mon Sep 17 00:00:00 2001 From: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com> Date: Sat, 7 Oct 2023 11:50:42 +0000 Subject: [PATCH] Add proxy_hide_header to avoid sending duplicate headers Signed-off-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com> --- etc/nginx/headers.conf | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/etc/nginx/headers.conf b/etc/nginx/headers.conf index e4ec5ea..ba3812c 100644 --- a/etc/nginx/headers.conf +++ b/etc/nginx/headers.conf @@ -1,8 +1,23 @@ -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; +proxy_hide_header Strict-Transport-Security; +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + +proxy_hide_header Permissions-Policy; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; -add_header Referrer-Policy "same-origin" always; -add_header X-Content-Type-Options "nosniff" always; -add_header X-Frame-Options "SAMEORIGIN" always; -add_header X-XSS-Protection "0" always; -add_header Cross-Origin-Resource-Policy cross-origin; -add_header Cross-Origin-Opener-Policy same-origin; + +proxy_hide_header Referrer-Policy; +add_header Referrer-Policy "same-origin" always; + +proxy_hide_header X-Content-Type-Options; +add_header X-Content-Type-Options "nosniff" always; + +proxy_hide_header X-Frame-Options; +add_header X-Frame-Options "SAMEORIGIN" always; + +proxy_hide_header X-XSS-Protection; +add_header X-XSS-Protection "0" always; + +proxy_hide_header Cross-Origin-Resource-Policy; +add_header Cross-Origin-Resource-Policy cross-origin; + +proxy_hide_header Cross-Origin-Opener-Policy; +add_header Cross-Origin-Opener-Policy same-origin;