See the issues:

- www.-instance not 100% - missing HSTS #1210:
  Long term: clean up the nginx file and make use of files to include default headers, so the same defaults are not repeated all over the file.

and PR's:

So:

- de-duplicate all 'default' headers in separate files:
  - Internet.nl/docker/webserver/nginx_templates/app.conf.template, Lines 16 to 21 in f15c239
  - Internet.nl/docker/webserver/nginx_templates/app.conf.template, Lines 169 to 171 in f15c239

  currently not in the nginx.conf, the csp.header.template should probably be:

  ```nginx
  add_header Content-Security-Policy "base-uri 'self' https://*.${INTERNETNL_DOMAINNAME}; form-action 'self' https://*.${INTERNETNL_DOMAINNAME}; frame-ancestors 'none'; default-src 'self' https://*.${INTERNETNL_DOMAINNAME}";
  ```

  ```nginx
  include http.headers;
  include hsts.header;
  include csp.header;
  ```

- don't quote nginx header names (but it might be a style choice to discuss?), this is valid:

  ```nginx
  add_header X-Frame-Options SAMEORIGIN always;
  add_header X-Content-Type-Options nosniff always;
  add_header X-Clacks-Overhead 'GNU Terry Pratchett' always;
  add_header Referrer-Policy same-origin always;
  add_header X-XSS-Protection '1; mode=block' always;
  add_header Strict-Transport-Security max-age=63072000 always;
  ```

- add regex safe domain names (for nginx)
- fix all regex domains (WIP Nginx more specific server_name #1179)
- remove location regex where possible, e.g.:
  Internet.nl/docker/webserver/nginx_templates/app.conf.template, Line 145 in f15c239
  can be simplified to

  ```nginx
  location /
  ```

- set HSTS only in nginx (since it needs to be done in nginx, also doing it in django is an extra config)
  - Internet.nl/internetnl/settings.py, Lines 53 to 54 in f15c239
  - Internet.nl/internetnl/settings.py, Line 189 in f15c239
  - Internet.nl/internetnl/settings.py, Line 193 in f15c239
  - Internet.nl/docker/webserver/nginx_templates/app.conf.template, Lines 68 to 69 in f15c239
  - Internet.nl/docker/webserver/nginx_templates/app.conf.template, Lines 108 to 109 in f15c239
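A check that fits the de-duplication proposed above, added here as an example and not taken from the issue or the Internet.nl code base. nginx inherits `add_header` from the enclosing level only when the current level defines no `add_header` of its own, so a block that sets any header without also including `hsts.header` serves no HSTS. The script assumes a rendered config (variables already substituted), that the three include files named in the issue contain only `add_header` lines, and a constructed sample config.

```python
import re

# Include file names taken from the issue; assumed to hold only add_header lines.
HEADER_FILES = ("http.headers", "hsts.header", "csp.header")
SETS_HEADERS = re.compile(
    r"\badd_header\s|\binclude\s+(?:%s)\s*;" % "|".join(map(re.escape, HEADER_FILES)))
SETS_HSTS = re.compile(
    r"\badd_header\s+Strict-Transport-Security\b|\binclude\s+hsts\.header\s*;")

def blocks_dropping_hsts(conf):
    """Names of blocks that set response headers themselves but leave out HSTS."""
    # Such a block no longer inherits add_header from its parent level.
    findings, stack = [], [["main", ""]]  # [block name, directives directly inside]
    pending, quote, comment = "", None, False
    for ch in conf:
        if comment:                      # skip to end of line
            comment = ch != "\n"
        elif quote:                      # ';' and braces inside quotes are data
            pending += ch
            quote = None if ch == quote else quote
        elif ch == "#":
            comment = True
        elif ch in "'\"":
            quote, pending = ch, pending + ch
        elif ch == ";":
            stack[-1][1] += pending + ";\n"
            pending = ""
        elif ch == "{":
            stack.append([" ".join(pending.split()), ""])
            pending = ""
        elif ch == "}":
            name, body = stack.pop()
            if SETS_HEADERS.search(body) and not SETS_HSTS.search(body):
                findings.append(name)
            pending = ""
        else:
            pending += ch
    return findings

# Constructed sample of a rendered config (not the project's app.conf.template).
SAMPLE = """
server {
    include http.headers; include hsts.header; include csp.header;
    location / { proxy_pass http://app:8080; }        # inherits all three
    location /static/ { add_header Cache-Control "public, max-age=3600" always; }
    location /api/ { include hsts.header; add_header Cache-Control no-store always; }
}
"""
print(blocks_dropping_hsts(SAMPLE))
```

The same function can be pointed at the output of `nginx -T` to audit the merged configuration after includes are split out.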