Add more security headers to nginx configuration
flavioheleno committed May 18, 2023
1 parent 1f35cda commit ddd4448
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion docker/nginx/default.conf
@@ -9,9 +9,11 @@ server {
try_files $uri @php;

# security headers
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Content-Security-Policy "default-src 'self' https: wss: data: blob:; frame-ancestors 'self';" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Permissions-Policy "autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(self), usb=()" always;

location ~* \.(css|png|ico|webmanifest|eot|svg|ttf|woff|woff2|txt|jpg|jpeg|gif|webp)$ {
try_files $uri /index.php$is_args$args;
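Review bot: The Content-Security-Policy value without `'unsafe-inline'` (apparently the new one) still lists `https:` and `data:` in `default-src`, and with no `script-src` directive that fallback governs scripts, so any HTTPS origin and `data:` URIs remain allowed script sources. Consider adding explicit directives such as `script-src 'self'; object-src 'none'; base-uri 'self';`, adjusted to the origins the application really loads from. Separately, nginx inherits `add_header` from an outer level only when the current level declares none, and a response gets the headers of the location that finally serves it; the enclosing block starts outside the hunk, so it is worth confirming that requests handed to `@php` by `try_files` actually receive these headers, for example with `curl -I` against a PHP route. `Strict-Transport-Security` with `includeSubDomains; preload` is hard to retract once browsers have cached it, so it should only ship where every subdomain is served over HTTPS.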
