machankura/mempool
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add HTTP security headers to production nginx.conf

Browse Source
This commit is contained in:
wiz 2020-07-04 17:56:54 +09:00
parent 2ebdb27dcb
commit ae4eb22db9
No known key found for this signature in database
GPG Key ID: A394E332255A6173
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
production/nginx.conf
View File

@ -141,6 +141,24 @@ http {
index index.html index.htm index.nginx-debian.html; index index.html index.htm index.nginx-debian.html;
server_name mempool.space; # managed by Certbot server_name mempool.space; # managed by Certbot
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "ALLOW-FROM https://mempool.space";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "ALLOW-FROM https://wiz.biz";
}
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
location / { location / {
try_files $uri $uri/ /index.html =404; try_files $uri $uri/ /index.html =404;
} }