From 821f80b79e1d75a9c685df796ecc2d83e1b974cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Thu, 21 Dec 2023 13:01:37 +0100
Subject: [PATCH] Update nginx.conf

---
 conf/nginx.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index fd10ccf..9495bc6 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -5,11 +5,11 @@ set $api_domain "__DOMAIN__";
 set $files_domain "__DOMAIN__";
 ssl_ecdh_curve secp384r1;
 
-add_header "X-XSS-Protection: '1; mode=block'";
-add_header "X-Content-Type-Options: nosniff";
-add_header "Access-Control-Allow-Origin: '${allowed_origins}'";
-add_header "Access-Control-Allow-Credentials: true;
-# add_header "X-Frame-Options: 'SAMEORIGIN'";
+more_set_headers "X-XSS-Protection: 1; mode=block";
+more_set_headers "X-Content-Type-Options: nosniff";
+more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
+more_set_headers "Access-Control-Allow-Credentials: true";
+# more_set_headers "X-Frame-Options: SAMEORIGIN";
 
 # Enable SharedArrayBuffer in Firefox (for .xlsx export)
 more_set_headers "Cross-Origin-Resource-Policy: cross-origin";