child 231:94a41f59d566
parent 229:0b93ede3c0d1
230:271d3404185b
Anton Shestakov <av6@dwimlabs.net>, Sat, 03 Dec 2016 01:30:47 +0800
provision: more security headers

1 файлов изменено, 6 вставок(+), 3 удалений(-) [+]
contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im file | annotate | diff | comparison | revisions
--- a/contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im Sat Dec 03 01:28:43 2016 +0800
+++ b/contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im Sat Dec 03 01:30:47 2016 +0800
@@ -32,14 +32,17 @@
resolver {{ nginx_resolver }};
resolver_timeout {{ nginx_resolver_timeout }};
- # access from <frame | iframe | object>: DENY | SAMEORIGIN | ALLOW-FROM uri
- add_header X-Frame-Options 'SAMEORIGIN';
-
# HSTS: 31536000 = 365 days (set to 0 to expire and allow plain HTTP)
add_header Strict-Transport-Security 'max-age=31536000';
add_header Cache-Control private;
+ # Various security headers not related to HTTPS
+ # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection '1; mode=block';
+
access_log /var/log/nginx/{{ domain }}.access.log;
error_log /var/log/nginx/{{ domain }}.error.log;
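Review bot: The three new `add_header` lines (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection) omit the `always` parameter, so nginx attaches them only to a fixed list of 2xx/3xx status codes and 4xx/5xx error pages are served without them. Where the provisioned nginx is 1.7.5 or later, write `add_header X-Frame-Options DENY always;` and `add_header X-Content-Type-Options nosniff always;`, and likewise for the third header. The enclosing block starts and ends outside this hunk, so it is worth confirming that no nested `location` declares its own `add_header`: nginx inherits these directives only when the inner level defines none, so a single inner `add_header` would silently drop every header set here. The tightening from SAMEORIGIN to DENY is not mentioned in the commit message; a short comment such as `# DENY: the site never frames its own pages` would record that it is intentional.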