hoellen/docker-nextcloud
1
0
Fork 0
mirror of https://github.com/hoellen/docker-nextcloud.git synced 2025-04-19 20:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #38 from yeoldegrove/master

Browse Source 
add_header Referrer-Policy "no-referrer" always
This commit is contained in:
Wonderfall 2018-12-05 20:00:07 +01:00 committed by GitHub
commit ccab38ea56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rootfs/nginx/sites-enabled/nginx.conf
View File

@ -4,12 +4,15 @@ server {
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
# https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#serve-security-related-headers-by-the-web-server
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy "no-referrer" always;
location = /robots.txt { location = /robots.txt {
allow all; allow all;