emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Disable global headers to appease nginx linter

Browse source
This commit is contained in:
Amanda Graven 2025-12-14 19:52:00 +01:00
parent 41f68392eb
commit ca16e3af50
Signed by: amanda
GPG key ID: F747582C5608F4CB
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/common/services/nginx.nix
View file

@ -20,23 +20,23 @@
map $scheme $hsts_header { map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload"; https "max-age=31536000; includeSubdomains; preload";
} }
add_header Strict-Transport-Security $hsts_header; #add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services. # Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'same-origin'; #add_header 'Referrer-Policy' 'same-origin';
# Disable embedding as a frame # Disable embedding as a frame
#add_header X-Frame-Options DENY; #add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; #add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser. # Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above) # May be unnecessary when CSP is configured properly (see above)
add_header X-XSS-Protection "1; mode=block"; #add_header X-XSS-Protection "1; mode=block";
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";