install_nextcloud.sh: adjust nginx vhost configuration (Secure http header).

2024-09-29 15:23:23 +02:00 · 2024-09-29 15:23:23 +02:00 · 38e5241ec7
commit 38e5241ec7
parent af72080472
1 changed files with 12 additions and 7 deletions
--- a/install_nextcloud.sh
+++ b/install_nextcloud.sh
@ -5091,13 +5091,18 @@ server {
   #pagespeed off;

   # HTTP response headers borrowed from Nextcloud \`.htaccess\`
-   add_header Referrer-Policy                      "no-referrer"   always;
-   add_header X-Content-Type-Options               "nosniff"       always;
-   add_header X-Download-Options                   "noopen"        always;
-   add_header X-Frame-Options                      "SAMEORIGIN"    always;
-   add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-   add_header X-Robots-Tag                         "none"          always;
-   add_header X-XSS-Protection                     "1; mode=block" always;
+   add_header Referrer-Policy                      "no-referrer"                                     always;
+   add_header X-Content-Type-Options               "nosniff"                                         always;
+   add_header X-Download-Options                   "noopen"                                          always;
+   add_header X-Frame-Options                      "SAMEORIGIN"                                      always;
+   add_header X-Permitted-Cross-Domain-Policies    "none"                                            always;
+   add_header X-Robots-Tag                         "noindex, nofollowi"                              always;
+   add_header X-XSS-Protection                     "1; mode=block"                                   always;
+
+   add_header X-Download-Options                   "noopen"                                          always;
+   add_header Permissions-Policy                   "geolocation=(),microphone=(),camera=()"          always;
+   add_header Feature-Policy                       "geolocation none;microphone none;camera none;"   always;
+   add_header Set-Cookie                           "Path=/; HttpOnly; Secure"                        always;

   # Remove X-Powered-By, which is an information leak
   fastcgi_hide_header X-Powered-By;