1
0
mirror of https://github.com/ArcticFoxes-net/Synapse-Ubuntu-ZFS synced 2024-11-13 22:21:33 -05:00

Add proxy_hide_header to avoid sending duplicate headers

Signed-off-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
This commit is contained in:
wj25czxj47bu6q 2023-10-07 11:50:42 +00:00 committed by GitHub
parent e46a409afc
commit afe32081eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,8 +1,23 @@
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
proxy_hide_header Permissions-Policy;
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always; proxy_hide_header Referrer-Policy;
add_header X-Frame-Options "SAMEORIGIN" always; add_header Referrer-Policy "same-origin" always;
add_header X-XSS-Protection "0" always;
add_header Cross-Origin-Resource-Policy cross-origin; proxy_hide_header X-Content-Type-Options;
add_header Cross-Origin-Opener-Policy same-origin; add_header X-Content-Type-Options "nosniff" always;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "SAMEORIGIN" always;
proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection "0" always;
proxy_hide_header Cross-Origin-Resource-Policy;
add_header Cross-Origin-Resource-Policy cross-origin;
proxy_hide_header Cross-Origin-Opener-Policy;
add_header Cross-Origin-Opener-Policy same-origin;