From 4276a187a05c01378cd4574f7a09bcff30a9f00f Mon Sep 17 00:00:00 2001
From: frju365 <win10@tutanota.com>
Date: Fri, 9 Feb 2018 16:24:16 +0100
Subject: [PATCH] [enh] Comment with the URL of the Mozilla Directives

---
 data/templates/nginx/server.tpl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index d5356fd6a..ac2ff8486 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -42,6 +42,9 @@ server {
     # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
     #ssl_dhparam /etc/ssl/private/dh2048.pem;
 
+    # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
+    # https://wiki.mozilla.org/Security/Guidelines/Web_Security
+    # https://observatory.mozilla.org/ 
     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 
     add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
     add_header X-Content-Type-Options nosniff;