Harden protection against XSS attacks

This commit is contained in:
coolneng 2022-10-23 10:53:09 +02:00
parent bc5c561775
commit 801bc6f07d
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
1 changed files with 3 additions and 4 deletions

View File

@ -18,13 +18,12 @@
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
# Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";