yogsototh/sophia.events
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move Security Header to https server

Browse source
This commit is contained in:
Luc Juggery 2018-02-03 17:34:41 +01:00
parent cc7f4e8116
commit e14c29dfea
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
conf/nginx.conf
View file

@ -18,11 +18,6 @@ http {
server www; server www;
} }
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
server { server {
listen 80; listen 80;
server_name sophia.events; server_name sophia.events;
@ -40,6 +35,10 @@ http {
ssl_session_cache shared:SSL:20m; ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h; ssl_session_timeout 4h;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;