From 280408a25ce8a858d2dc05c8b4a70bd900df190c Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 9 Sep 2017 11:39:37 +0200
Subject: try with extra 'security' headers

---
 etc/nginx/conf.d/talerssl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl
index cd703ec..4d8b451 100644
--- a/etc/nginx/conf.d/talerssl
+++ b/etc/nginx/conf.d/talerssl
@@ -7,7 +7,7 @@ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-#add_header X-XSS-Protection "1; mode=block";
-#add_header X-Frame-Options "SAMEORIGIN";
-#add_header X-Content-Type-Options "nosniff";
-#add_header Content-Security-Policy "default-src 'self'";
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'";
-- 
cgit v1.2.3