Add missing security headers to docker-compose nginx config
Align frontend/nginx.conf with the root nginx.conf by adding X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, and Referrer-Policy headers.
This commit is contained in:
parent
ac4a98e204
commit
c28f734e71
1 changed files with 6 additions and 0 deletions
|
|
@ -4,6 +4,12 @@ server {
|
|||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
|
||||
# Security headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue