NGINX headers for security audit
This commit is contained in:
parent
45e4e791a5
commit
3909bbcfc0
|
@ -74,6 +74,7 @@ http {
|
|||
add_header X-Content-Type-Options nosniff always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
|
||||
# upstreams
|
||||
set $apps ${APPS_UPSTREAM_URL};
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit c167c331ff9b8161fc18e2ecbaaf1ea5815ba964
|
||||
Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
|
Loading…
Reference in New Issue