Content security

main
Bob Mottram 2023-05-30 10:56:44 +01:00
parent a191e0b6e8
commit ebad3f4769
2 changed files with 2 additions and 0 deletions

View File

@ -352,6 +352,7 @@ echo "Creating nginx virtual host for http://${I2P_DOMAIN}"
echo ' gzip_proxied expired no-cache no-store private auth;';
echo ' gzip_types gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;';
echo '';
echo " add_header Content-Security-Policy \"script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline'\";";
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Download-Options noopen;';

View File

@ -274,6 +274,7 @@ echo "Creating nginx virtual host for ${ONION_DOMAIN}"
echo ' gzip_proxied expired no-cache no-store private auth;';
echo ' gzip_types gzip_types text/plain text/css text/vcard text/vcard+xml application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;';
echo '';
echo " add_header Content-Security-Policy \"script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline'\";";
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Download-Options noopen;';