From 06d65f7fe81aae07c0fb77bb8eb3eef8d4df1664 Mon Sep 17 00:00:00 2001
From: yeoldegrove
Date: Mon, 29 Oct 2018 15:11:39 +0100
Subject: [PATCH 1/2] added links to owncloud documentation
---
 rootfs/nginx/sites-enabled/nginx.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rootfs/nginx/sites-enabled/nginx.conf b/rootfs/nginx/sites-enabled/nginx.conf
index 2fb1549..af3fa1b 100644
--- a/rootfs/nginx/sites-enabled/nginx.conf
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@@ -3,8 +3,10 @@ server {
 root /nextcloud;
 fastcgi_buffers 64 4K;
-
+
+ # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
+ # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#serve-security-related-headers-by-the-web-server
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
From 1bf7360aa64e748af0bd0a5e325c9f1166841a29 Mon Sep 17 00:00:00 2001
From: yeoldegrove
Date: Mon, 29 Oct 2018 15:12:32 +0100
Subject: [PATCH 2/2] added "add_header Referrer-Policy "no-referrer" always;" as per official docs
---
 rootfs/nginx/sites-enabled/nginx.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rootfs/nginx/sites-enabled/nginx.conf b/rootfs/nginx/sites-enabled/nginx.conf
index af3fa1b..352ec3c 100644
--- a/rootfs/nginx/sites-enabled/nginx.conf
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@@ -12,6 +12,7 @@ server {
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy "no-referrer" always;
 location = /robots.txt {
 allow all;
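Review bot: The two added comments in the first hunk are bare URLs, so a reader of the config still has to leave the file to learn what each header commits the deployment to. This matters most for the `Strict-Transport-Security` line, whose `includeSubDomains; preload` reaches beyond this one host. I would state the effect in the comment and keep the link as a reference, e.g. `# HSTS: browsers refuse plain HTTP for this host and its subdomains for max-age seconds (see Nextcloud hardening guide)`. The links also carry a leftover `?highlight=security` search parameter and are pinned to the `server/14` manual, so they will age with the image; dropping the query string keeps the anchor working.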
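Review bot: The new `add_header Referrer-Policy "no-referrer" always;` in the second hunk sits at `server` level, and nginx inherits `add_header` into a `location` only when that location declares no `add_header` of its own. Any location further down the file that sets a header of its own would therefore drop this one along with the other security headers. The rest of the `server` block is outside the hunk, so this needs checking against the full file; if such a location exists, repeat the header set there or pull it into a shared `include`. The added line is also the only one using `always`, so the neighbouring headers are still omitted on 4xx/5xx responses; aligning them (e.g. `add_header X-Content-Type-Options nosniff always;`) would make the set consistent.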