Add hardened headers to user-uploaded files

Claire 2023-06-21 14:18:04 +02:00
commit c309011346
2 changed files with 7 additions and 0 deletions

3
dist/nginx.conf vendored

@ -61,12 +61,15 @@ server {
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Content-Type-Options nosniff;
try_files $uri @proxy;
}
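Review bot: The `X-Content-Type-Options` and `Content-Security-Policy` lines in the uploads location only take effect when nginx serves the file from disk; when `try_files $uri @proxy;` falls through, the request is handled with the `@proxy` location's configuration and these `add_header` directives are not applied. `@proxy` is outside this hunk, so it is worth confirming that the same headers are set there, or by the application, for proxied media. Separately, both headers omit `always`, unlike the HSTS line next to them, so nginx adds them only to its fixed set of success and redirect statuses; consider `add_header X-Content-Type-Options nosniff always;` and `add_header Content-Security-Policy "default-src 'none'; form-action 'none'" always;`. The same applies to the `nosniff` line under `location /sw.js`.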