YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

[Fix] Add CSP in Admin conf

Browse source
This commit is contained in:
frju365 2017-12-29 18:25:17 +01:00 committed by GitHub
parent 95835118bd
commit 804d0b29c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
data/templates/nginx/plain/yunohost_admin.conf
View file

@ -38,7 +38,8 @@ server {
#ssl_dhparam /etc/ssl/private/dh2048.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header 'Referrer-Policy' 'no-referrer';
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;