diff --git a/conf/nginx.conf b/conf/nginx.conf index 069cb83..fabc31b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,12 +13,12 @@ location __PATH__/ { client_max_body_size 30m; # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-Frame-Options: SAMEORIGIN"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ { # Le contenu statique, est signalé au navigateur comme étant