From 38e5241ec747c3c8a3a300ec84e96e49c8dcc1af Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 29 Sep 2024 15:23:23 +0200
Subject: [PATCH] install_nextcloud.sh: adjust nginx vhost configuration (Secure http header).
---
 install_nextcloud.sh | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/install_nextcloud.sh b/install_nextcloud.sh
index a2d2aa9..668ac60 100755
--- a/install_nextcloud.sh
+++ b/install_nextcloud.sh
@@ -5091,13 +5091,18 @@ server {
 #pagespeed off;
 # HTTP response headers borrowed from Nextcloud \`.htaccess\`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollowi" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ add_header X-Download-Options "noopen" always;
+ add_header Permissions-Policy "geolocation=(),microphone=(),camera=()" always;
+ add_header Feature-Policy "geolocation none;microphone none;camera none;" always;
+ add_header Set-Cookie "Path=/; HttpOnly; Secure" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
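Review bot: The added `add_header Set-Cookie "Path=/; HttpOnly; Secure" always;` does not harden any cookie: it sends an extra Set-Cookie header with no name=value pair on every response, while the cookies issued by the PHP backend keep whatever attributes they were created with. I would drop that line and set the flags where the cookies are created (for PHP sessions, `session.cookie_secure` and `session.cookie_httponly`). In the same hunk, `X-Robots-Tag "noindex, nofollowi"` contains a typo, so crawlers will most likely ignore the unknown token and apply only noindex; it should read `add_header X-Robots-Tag "noindex, nofollow" always;`. `X-Download-Options "noopen"` is now added twice, so the header is emitted twice, and the `Feature-Policy` line uses the deprecated header with an unquoted `none` where the old syntax expected `'none'`; the `Permissions-Policy` line already covers the same features. The server block starts and ends outside the hunk, so it cannot be checked from here whether nested location blocks declare their own add_header, which would stop these server-level headers from being inherited there.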