set security headers for Matrix client metadata

2021-06-21 03:49:39 -04:00
parent 092932a12d
commit 4f829a530b
1 changed files with 2 additions and 0 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -221,6 +221,8 @@ http {
        }

        location = /.well-known/matrix/client {
+            include snippets/security-headers.conf;
+            add_header Cross-Origin-Resource-Policy "cross-origin" always;
            add_header Access-Control-Allow-Origin "*";
            default_type application/json;
        }