YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Adapt nginx configuration to avoid double headers due to core change (8cb029a55e)

Browse source
This commit is contained in:
Jimmy Monin 2019-02-07 21:41:32 +01:00
parent 94087e89d5
commit c3480daae6
1 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
conf/nginx.conf
View file

@ -13,23 +13,23 @@ location ^~ __PATH__ {
}
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
more_set_headers "Strict-Transport-Security: max-age=15768000";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Referrer-Policy: no-referrer";
# Set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Extend timeouts
client_body_timeout 60m;
proxy_read_timeout 60m;
fastcgi_read_timeout 60m;
# Disable gzip to avoid the removal of the ETag header
gzip off;
@ -78,15 +78,15 @@ location ^~ __PATH__ {
# Adding the cache control header for js and css files
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
more_set_headers "Cache-Control: public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
more_set_headers "Strict-Transport-Security: max-age=15768000";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Referrer-Policy: no-referrer";
# Optional: Don't log access to assets
access_log off;