YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Forgot to check that these headers are different from the default in security.conf ... maybe we want to keep them as is? Not clear why they have different values tan the domain configs...

Browse source
This commit is contained in:
Alexandre Aubin 2020-04-06 16:56:53 +02:00
parent 4d99cbe870
commit 22b9565eb7
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
data/templates/nginx/yunohost_admin.conf
View file

@ -20,6 +20,10 @@ server {
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem; ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem; ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
more_set_headers "Referrer-Policy : 'same-origin'";
more_set_headers "Content-Security-Policy : upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
location / { location / {
return 302 https://$http_host/yunohost/admin; return 302 https://$http_host/yunohost/admin;
} }