Add missing security headers to docker-compose nginx config

Align frontend/nginx.conf with the root nginx.conf by adding
X-Frame-Options, X-Content-Type-Options, X-XSS-Protection,
and Referrer-Policy headers.
This commit is contained in:
Pier-Jean Malandrino 2026-04-03 13:02:24 +02:00
parent ac4a98e204
commit c28f734e71

View file

@ -4,6 +4,12 @@ server {
root /usr/share/nginx/html;
index index.html;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
location / {
try_files $uri $uri/ /index.html;
}