From f3d4b149c995c37340fe27ab9e9ba4c077359ea3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Sun, 8 Oct 2023 21:22:15 +0200
Subject: [PATCH] Update nginx.conf

---
 conf/nginx.conf | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index f2a5a47..b3d3525 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -21,18 +21,9 @@ location ^~ __PATH__/ {
   # Path to source
   alias __INSTALL_DIR__/;
 
-  # Add headers to serve security related headers
-  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
-  more_set_headers "Referrer-Policy: no-referrer";
-  more_set_headers "X-Content-Type-Options: nosniff";
-  more_set_headers "X-Download-Options: noopen";
-  more_set_headers "X-Frame-Options: SAMEORIGIN";
-  more_set_headers "X-Permitted-Cross-Domain-Policies: none";
-  more_set_headers "X-Robots-Tag: noindex, nofollow";
-  more_set_headers "X-XSS-Protection: 1; mode=block";
-
   # Set max upload size
   client_max_body_size 10G;
+  client_body_timeout 300s;
   fastcgi_buffers 64 4K;
 
   # Enable gzip but do not remove ETag headers
@@ -52,6 +43,16 @@ location ^~ __PATH__/ {
   # for tunning hints
   client_body_buffer_size 512k;
 
+  # Add headers to serve security related headers
+  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
+  more_set_headers "Referrer-Policy: no-referrer";
+  more_set_headers "X-Content-Type-Options: nosniff";
+  more_set_headers "X-Download-Options: noopen";
+  more_set_headers "X-Frame-Options: SAMEORIGIN";
+  more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+  more_set_headers "X-Robots-Tag: noindex, nofollow";
+  more_set_headers "X-XSS-Protection: 1; mode=block";
+
   # Remove X-Powered-By, which is an information leak
   fastcgi_hide_header X-Powered-By;