titanz/NGINX-Configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Note X-Frame-Options obsolesence

Browse Source
This commit is contained in:
Tommy
2025-01-03 09:28:28 -07:00
committed by GitHub
parent 65459ad784
commit 111a568c6e
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
etc/nginx/snippets/security.conf
View File

@@ -10,13 +10,15 @@ add_header Referrer-Policy "same-origin" always;
proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "SAMEORIGIN" always;
proxy_hide_header X-Permitted-Cross-Domain-Policies; proxy_hide_header X-Permitted-Cross-Domain-Policies;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
# Obsolete and replaced by Content-Security-Policy frame-ancestors
# Setting the less restrictive SAMEORIGIN here, has frame-ancestors 'none' will overwrite it anyways
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "SAMEORIGIN" always;
# Obsolete and replaced by Content-Security-Policy # Obsolete and replaced by Content-Security-Policy
# Only here to pass Hardenize checks # Only here to pass Hardenize checks
proxy_hide_header X-XSS-Protection; proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection "0" always; add_header X-XSS-Protection "0" always;