From 69661f200cdf7c596814d97f90f963d55ff7e7a1 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Fri, 30 Jun 2023 23:04:57 +0200 Subject: [PATCH] Update nextcloud headers --- .../services/deploy/cloud/files/config/nginx.conf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/playbooks/roles/services/deploy/cloud/files/config/nginx.conf b/playbooks/roles/services/deploy/cloud/files/config/nginx.conf index f27c194..6037cac 100644 --- a/playbooks/roles/services/deploy/cloud/files/config/nginx.conf +++ b/playbooks/roles/services/deploy/cloud/files/config/nginx.conf @@ -71,13 +71,13 @@ http { client_body_buffer_size 512k; # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "none" always; - add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By;