phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 13:46:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add SAMEORIGIN header to Nextcloud

Browse source
This commit is contained in:
Paul-Henri Froidmont 2020-07-26 01:20:10 +02:00
parent 0d100f0dcc
commit 9c0b3b4e88
1 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/nextcloud-docker/files/nextcloud/web/nginx.conf
View file

@ -45,11 +45,16 @@ http {
# will add the domain to a hardcoded list that is shipped # will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list # in all major browsers and getting removed from this list
# could take several months. # could take several months.
add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer" always;
add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag none; add_header X-Download-Options "noopen" always;
add_header X-Download-Options noopen; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
root /var/www/html; root /var/www/html;