summaryrefslogtreecommitdiff
path: root/etc/nginx/conf.d
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2017-09-09 11:39:37 +0200
committerChristian Grothoff <christian@grothoff.org>2017-09-09 11:39:37 +0200
commit280408a25ce8a858d2dc05c8b4a70bd900df190c (patch)
tree14152954760b0770abf0b3189902bfca9e26408e /etc/nginx/conf.d
parenteb2c96cd46c0400769fd68e6b0e0da4d629e11c5 (diff)
downloaddeployment-280408a25ce8a858d2dc05c8b4a70bd900df190c.tar.gz
deployment-280408a25ce8a858d2dc05c8b4a70bd900df190c.tar.bz2
deployment-280408a25ce8a858d2dc05c8b4a70bd900df190c.zip
try with extra 'security' headers
Diffstat (limited to 'etc/nginx/conf.d')
-rw-r--r--etc/nginx/conf.d/talerssl8
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl
index cd703ec..4d8b451 100644
--- a/etc/nginx/conf.d/talerssl
+++ b/etc/nginx/conf.d/talerssl
@@ -7,7 +7,7 @@ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-#add_header X-XSS-Protection "1; mode=block";
-#add_header X-Frame-Options "SAMEORIGIN";
-#add_header X-Content-Type-Options "nosniff";
-#add_header Content-Security-Policy "default-src 'self'";
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'";
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-09 14:19:30 +0000