From ca16e3af504c59d16c0eae037cbf884249a954fe Mon Sep 17 00:00:00 2001
From: Amanda Graven
Date: Sun, 14 Dec 2025 19:52:00 +0100
Subject: [PATCH] Disable global headers to appease nginx linter
---
 config/common/services/nginx.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/common/services/nginx.nix b/config/common/services/nginx.nix
index ece567c..95b1c60 100644
--- a/config/common/services/nginx.nix
+++ b/config/common/services/nginx.nix
@@ -20,23 +20,23 @@
 map $scheme $hsts_header {
 https "max-age=31536000; includeSubdomains; preload";
 }
- add_header Strict-Transport-Security $hsts_header;
+ #add_header Strict-Transport-Security $hsts_header;
 # Enable CSP for your services.
 #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
 # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'same-origin';
+ #add_header 'Referrer-Policy' 'same-origin';
 # Disable embedding as a frame
 #add_header X-Frame-Options DENY;
 # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
+ #add_header X-Content-Type-Options nosniff;
 # Enable XSS protection of the browser.
 # May be unnecessary when CSP is configured properly (see above)
- add_header X-XSS-Protection "1; mode=block";
+ #add_header X-XSS-Protection "1; mode=block";
 # This might create errors
 proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
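Review bot: Commenting out the four `add_header` lines at this level (Strict-Transport-Security, Referrer-Policy, X-Content-Type-Options, X-XSS-Protection) leaves every response without those headers unless each virtual host or location sets them itself, and nothing in this hunk adds a replacement. The linter complaint is presumably about nginx's inheritance rule, under which any `add_header` in a nested block discards the ones inherited from the outer level; those locations were already missing the headers, and removing them globally widens that gap rather than closing it. I would keep the set in one shared snippet that is included in every server or location block declaring its own `add_header`, and add `always` so error responses carry them too, e.g. `add_header X-Content-Type-Options nosniff always;`. If the removal is intentional, the now unused `map $scheme $hsts_header` block should go as well, and a comment such as `# Security headers are set per virtual host, see <placeholder: path of shared snippet>` should say where HSTS is configured now. The surrounding Nix string starts and ends outside the hunk, so a replacement elsewhere in the file cannot be ruled out from here.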