mirror of
https://github.com/ArcticFoxes-net/Synapse-Docker-Compose.git
synced 2024-10-01 08:25:44 -04:00
Fix security headers
This commit is contained in:
parent
9adff8c49b
commit
e2eea3c59f
@ -14,6 +14,7 @@ server {
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
@ -21,8 +22,6 @@ server {
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
|
||||
|
||||
set $upstream_app element;
|
||||
set $upstream_port 80;
|
||||
set $upstream_proto http;
|
||||
|
@ -14,6 +14,7 @@ server {
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self', upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
@ -21,8 +22,6 @@ server {
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src *; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self'";
|
||||
|
||||
set $upstream_app matrix-to;
|
||||
set $upstream_port 5000;
|
||||
set $upstream_proto http;
|
||||
|
@ -28,7 +28,6 @@ ssl_trusted_certificate /config/keys/cert.crt;
|
||||
|
||||
# Optional additional headers
|
||||
#add_header Cache-Control "no-transform" always;
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src * https:; font-src 'self'; img-src https: blob: data:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
|
||||
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
Loading…
Reference in New Issue
Block a user