nune/privatebin-docker-nginx-fpm-alpine
nune/privatebin-docker-nginx-fpm-alpine
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

move headers to static location block, makes fastcgi_hide_header unnecessary

Browse source
This commit is contained in:
El RIDO 2021-10-14 19:27:04 +02:00
parent 25abb55cd0
commit 4afa86cb3e
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
1 changed files with 15 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

36
etc/nginx/http.d/site.conf
View file

@ -5,19 +5,22 @@ server {
root /var/www;
index index.php index.html index.htm;
# no-transform tells Cloudflare and others to not change the content of
# the file and thus breaking SRI.
# https://developers.cloudflare.com/cache/about/cache-control#other
add_header Cache-Control "public, max-age=3600, must-revalidate, no-transform";
add_header Cross-Origin-Embedder-Policy require-corp;
add_header Cross-Origin-Resource-Policy same-origin;
add_header Cross-Origin-Opener-Policy same-origin;
add_header Referrer-Policy no-referrer;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
location / {
# no-transform tells Cloudflare and others to not change the content of
# the file and thus breaking SRI.
# https://developers.cloudflare.com/cache/about/cache-control#other
add_header Cache-Control "public, max-age=3600, must-revalidate, no-transform";
add_header Cross-Origin-Embedder-Policy require-corp;
add_header Cross-Origin-Opener-Policy same-origin;
add_header Cross-Origin-Resource-Policy same-origin;
# opt-out of Google FloC
# https://developer.chrome.com/blog/floc/#how-can-websites-opt-out-of-the-floc-computation
add_header Permissions-Policy interest-cohort=();
add_header Referrer-Policy no-referrer;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
include /etc/nginx/location.d/*.conf;
try_files $uri $uri/ /index.php$is_args$args;
}
@ -29,15 +32,6 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header Cache-Control;
fastcgi_hide_header Cross-Origin-Embedder-Policy;
fastcgi_hide_header Cross-Origin-Resource-Policy;
fastcgi_hide_header Cross-Origin-Opener-Policy;
fastcgi_hide_header Referrer-Policy;
fastcgi_hide_header X-Content-Type-Options;
fastcgi_hide_header X-Frame-Options;
fastcgi_hide_header X-XSS-Protection;
# Prevent exposing nginx + version to $_SERVER
fastcgi_param SERVER_SOFTWARE "";
}