Merge branch 'dev'

author: Pitu <[email protected]> 2021-01-04 01:04:20 +0900
committer: Pitu <[email protected]> 2021-01-04 01:04:20 +0900
commit: fcd39dc550dec8dbcb8325e07e938c5024cbc33d (patch)
tree: f41acb4e0d5fd3c3b1236fe4324b3fef9ec6eafe /docker/nginx/nginxconfig.io/security.conf
parent: Create FUNDING.yml (diff)
parent: chore: update todo (diff)
download: host.fuwn.me-fcd39dc550dec8dbcb8325e07e938c5024cbc33d.tar.xz
host.fuwn.me-fcd39dc550dec8dbcb8325e07e938c5024cbc33d.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/docker/nginx/nginxconfig.io/security.conf b/docker/nginx/nginxconfig.io/security.conf
new file mode 100644
index 0000000..03b1ef6
--- /dev/null
+++ b/docker/nginx/nginxconfig.io/security.conf
@@ -0,0 +1,12 @@
+# security headers
+add_header X-Frame-Options           "SAMEORIGIN" always;
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+# . files
+location ~ /\.(?!well-known) {
+    deny all;
+}
author	Pitu <[email protected]>	2021-01-04 01:04:20 +0900
committer	Pitu <[email protected]>	2021-01-04 01:04:20 +0900
commit	fcd39dc550dec8dbcb8325e07e938c5024cbc33d (patch)
tree	f41acb4e0d5fd3c3b1236fe4324b3fef9ec6eafe /docker/nginx/nginxconfig.io/security.conf
parent	Create FUNDING.yml (diff)
parent	chore: update todo (diff)
download	host.fuwn.me-fcd39dc550dec8dbcb8325e07e938c5024cbc33d.tar.xz host.fuwn.me-fcd39dc550dec8dbcb8325e07e938c5024cbc33d.zip