added no referrer header and cleaned up other files

NginxRocks · Apr 3, 2018 · e267768 · e267768
1 parent f0d19b9
commit e267768
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 18 deletions.
diff --git a/include/apicontentsecurity.conf b/include/apicontentsecurity.conf
diff --git a/include/hsts.conf b/include/hsts.conf
diff --git a/include/security/acao-star.conf b/include/security/acao-star.conf
@@ -0,0 +1 @@
+add_header Access-Control-Allow-Origin '*' always;
diff --git a/include/security/apicontentsecurity.conf b/include/security/apicontentsecurity.conf
@@ -0,0 +1,13 @@
+# Content-Security-Policy
+#     default-src 'self';
+#     connect-src * data: blob: filesystem:;
+#     style-src 'self' data: chrome-extension-resource: 'unsafe-inline';
+#     img-src 'self' data: chrome-extension-resource:;
+#     frame-src 'self' data: chrome-extension-resource:;
+#     font-src 'self' data: chrome-extension-resource:;
+#     media-src * data: blob: filesystem:;
+add_header Content-Security-Policy 'default-src self * unsafe-inline ; script-src * self unsafe-inline ; upgrade-insecure-requests;' always;
+
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
diff --git a/include/security/expectct.conf b/include/security/expectct.conf
@@ -0,0 +1,5 @@
+# Expect-CT: report-uri="<uri>";
+#            enforce;
+#            max-age=<age>
+
+add_header Expect-CT 'max-age=0; report-uri="https://1337.report-uri.com/r/d/ct/enforce"' always;
diff --git a/include/hpkp.conf → include/security/hpkp.conf b/include/hpkp.conf → include/security/hpkp.conf
@@ -16,4 +16,4 @@
 #	max-age=15552000; includeSubDomains; report-uri="https://secureobscure.report-uri.io/r/default/hpkp/enforce"';
 
 # Compressed into one line:
-add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU="; max-age=15552000; includeSubDomains;"' always;
+add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU="; max-age=15552000; includeSubDomains; report-uri="https://1337.report-uri.com/r/d/hpkp/enforce"' always;
diff --git a/include/security/hsts.conf b/include/security/hsts.conf
@@ -0,0 +1,5 @@
+# Strict-Transport-Security: max-age=<expire-time>
+# Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
+# Strict-Transport-Security: max-age=<expire-time>; preload
+
+add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains; preload' always;
diff --git a/include/security/no-referer.conf b/include/security/no-referer.conf
@@ -0,0 +1 @@
+add_header Referrer-Policy 'no-referrer' always;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		add_header Access-Control-Allow-Origin '*' always;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		add_header Referrer-Policy 'no-referrer' always;