Matrix-Mirrors/matrix.grapheneos.org
1
0
Fork 0
mirror of https://github.com/GrapheneOS/matrix.grapheneos.org.git synced 2025-08-18 19:07:47 -04:00
Code Issues Projects Releases Packages Wiki Activity

set up COEP and CORP headers

Browse source
This commit is contained in:
Daniel Micay 2021-06-18 20:20:50 -04:00
parent 87d3dff258
commit 444ad1a982
2 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nginx/nginx.conf
View file

@ -89,6 +89,7 @@ http {
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Content-Security-Policy "script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY";
@ -101,6 +102,7 @@ http {
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "cross-origin" always;
add_header Content-Security-Policy "script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
add_header X-Frame-Options "DENY";
@ -129,6 +131,7 @@ http {
root /usr/share/webapps/element;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; block-all-mixed-content";
# obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
add_header X-Frame-Options "SAMEORIGIN";