remove duplicate Referrer-Policy headers

This commit is contained in:
Daniel Micay 2021-07-02 11:12:56 -04:00
parent 0e8b60b7fe
commit b9adc72a0c

View File

@ -104,7 +104,10 @@ http {
}
location ~ ^(/_matrix|/_synapse/client) {
# remove security headers that are statically set to the strictest possible values below
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Frame-Options;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "cross-origin" always;
add_header Content-Security-Policy "font-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'; block-all-mixed-content" always;