This repository has been archived by the owner on Nov 1, 2024. It is now read-only.

Add security headers
wpf500 committed Sep 14, 2023
1 parent 6c6f119 commit e107e69
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions nginx.conf
Expand Up @@ -14,6 +14,13 @@ server {
absolute_redirect off;
rewrite ^/login/?$ /auth/login permanent;

# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header Referrer-Policy "strict-origin";

# Frontend app

location ~ ^/(assets|profile|contacts|callouts|join|auth|admin|_theme) {
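Review bot: the five add_header lines under "# Security headers" omit the `always` parameter, so nginx attaches them only to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses, and 4xx/5xx error pages go out without them. Suggest appending `always` to each, for example `add_header X-Content-Type-Options "nosniff" always;`. Because add_header is inherited from the server level only when the lower level defines no add_header of its own, check the location blocks that follow (starting with the `location ~ ^/(assets|profile|...)` block below): any of them that sets its own header will silently drop all five. Two smaller points: X-XSS-Protection is no longer honoured by current browsers, so a Content-Security-Policy would be the header to add for that purpose; and `includeSubDomains; preload` commits every subdomain to HTTPS for a year and is hard to reverse once the domain is on a preload list, so confirm that is intended for all subdomains served under this host.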

0 comments on commit e107e69
