security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

expand same-origin CORP header usage

Browse Source
This commit is contained in:
Daniel Micay 2021-03-31 14:50:36 -04:00
parent 797a66ccff
commit 42c521e38b
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nginx/nginx.conf
View File

@ -88,6 +88,7 @@ http {
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
return 301 https://grapheneos.org$request_uri;
}
@ -100,6 +101,7 @@ http {
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
return 302 https://github.com/GrapheneOS/Vanadium;
}
@ -211,12 +213,14 @@ http {
location = /404 {
internal;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
include snippets/preload.conf;
}
location = /404.html {
internal;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
include snippets/preload.conf;
}
@ -232,6 +236,7 @@ http {
location ~ "\.css$" {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cache-Control "public, max-age=31536000, immutable";
}
@ -242,6 +247,7 @@ http {
location ~ "\.woff2$" {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cache-Control "public, max-age=31536000, immutable";
gzip_static off;
brotli_static off;
@ -300,6 +306,7 @@ http {
root /srv/mta-sts;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
}
server {