commit: bb864e96ad4e0be470da78baa000019f571e30db
parent 17bcff64456144f2f2560f01c7dfa9db44cd09c2
Author: lambda <pleromagit@rogerbraun.net>
Date: Sun, 13 May 2018 08:39:37 +0000
Merge branch 'patch-2' into 'develop'
Nginx config - secure defaults
See merge request pleroma/pleroma!146
Diffstat:
1 file changed, 10 insertions(+), 0 deletions(-)
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
@@ -59,6 +59,16 @@ server {
}
# stop removing lines here.
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Referrer-Policy same-origin;
+ add_header X-Download-Options noopen;
+
+ # Uncomment this only after you get HTTPS working.
+ # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
