YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #661 from YunoHost/no-strict-transport-if-selfsigned-cert

Browse source 
[enh] Don't add Strict-Transport-Security header in nginx conf if using a selfsigned cert
This commit is contained in:
Alexandre Aubin 2019-02-25 00:51:53 +01:00 committed by GitHub
commit 6a7a0a819a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
data/templates/nginx/server.tpl.conf
View file

@ -51,7 +51,9 @@ server {
# Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
# https://wiki.mozilla.org/Security/Guidelines/Web_Security # https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/ # https://observatory.mozilla.org/
{% if domain_cert_ca != "Self-signed" %}
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
{% endif %}
more_set_headers "Content-Security-Policy : upgrade-insecure-requests"; more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'"; more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'";
more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "X-Content-Type-Options : nosniff";