From 4b9c57d1e469b00674bc8b075dc2bcce2979395c Mon Sep 17 00:00:00 2001 From: Kaloyan Nikolov Date: Thu, 18 Apr 2024 18:33:39 +0300 Subject: [PATCH] Add missing headers to fpm config Signed-off-by: Kaloyan Nikolov --- .../docker-compose/insecure/mariadb/fpm/web/nginx.conf | 6 ++++++ .../docker-compose/insecure/postgres/fpm/web/nginx.conf | 6 ++++++ .../with-nginx-proxy/mariadb/fpm/web/nginx.conf | 6 ++++++ .../with-nginx-proxy/postgres/fpm/web/nginx.conf | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf index e486b881..c7dcbc95 100644 --- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf @@ -166,6 +166,12 @@ http { location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf index e486b881..c7dcbc95 100644 --- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf @@ -166,6 +166,12 @@ http { location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf index f69ddc5e..f574bde0 100644 --- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf @@ -166,6 +166,12 @@ http { location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf index c1e11d93..dccb37f6 100644 --- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf +++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf @@ -166,6 +166,12 @@ http { location ~ \.(?:css|svg|js|mjs|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ {