Disable global headers to appease nginx linter

2025-12-14 19:52:00 +01:00 · 2025-12-14 19:52:00 +01:00 · ca16e3af50
commit ca16e3af50
parent 41f68392eb
1 changed files with 4 additions and 4 deletions
--- a/config/common/services/nginx.nix
+++ b/config/common/services/nginx.nix
@ -20,23 +20,23 @@
      map $scheme $hsts_header {
          https   "max-age=31536000; includeSubdomains; preload";
      }
-      add_header Strict-Transport-Security $hsts_header;
+      #add_header Strict-Transport-Security $hsts_header;

      # Enable CSP for your services.
      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;

      # Minimize information leaked to other domains
-      add_header 'Referrer-Policy' 'same-origin';
+      #add_header 'Referrer-Policy' 'same-origin';

      # Disable embedding as a frame
      #add_header X-Frame-Options DENY;

      # Prevent injection of code in other mime types (XSS Attacks)
-      add_header X-Content-Type-Options nosniff;
+      #add_header X-Content-Type-Options nosniff;

      # Enable XSS protection of the browser.
      # May be unnecessary when CSP is configured properly (see above)
-      add_header X-XSS-Protection "1; mode=block";
+      #add_header X-XSS-Protection "1; mode=block";

      # This might create errors
      proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";