Add security headers to nginx config example

This commit is contained in:
silverpill 2022-12-23 00:50:46 +00:00
parent 209f520d28
commit ce5577b5c2


@ -30,6 +30,11 @@ server {
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000" always;
# script-src unsafe-inline required by MetaMask
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; img-src 'self' data:; media-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'";
add_header X-Content-Type-Options "nosniff";
location / {
# Frontend
root /usr/share/mitra/www;
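Review bot: The `add_header` lines for Content-Security-Policy and X-Content-Type-Options omit the `always` parameter that the Strict-Transport-Security line carries, so nginx attaches them only to its fixed set of success and redirect status codes, and error responses such as 404 or 5xx are served without the CSP or `nosniff`. Appending `always` to both, e.g. `add_header X-Content-Type-Options "nosniff" always;` and the same suffix on the CSP line, would make the three headers consistent. A short comment in the example would also help, such as `# add_header is inherited only by locations that define no add_header of their own`, since a location that sets its own header silently drops all server-level ones. The `server` block and its `location` blocks continue outside this hunk, so whether any of them sets its own header should be checked there.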