From c28f734e7170de59e02ba677ffa813789c4e1947 Mon Sep 17 00:00:00 2001 From: Pier-Jean Malandrino Date: Fri, 3 Apr 2026 13:02:24 +0200 Subject: [PATCH] Add missing security headers to docker-compose nginx config Align frontend/nginx.conf with the root nginx.conf by adding X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, and Referrer-Policy headers. --- frontend/nginx.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/frontend/nginx.conf b/frontend/nginx.conf index 515b230..e6bc5de 100644 --- a/frontend/nginx.conf +++ b/frontend/nginx.conf @@ -4,6 +4,12 @@ server { root /usr/share/nginx/html; index index.html; + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + location / { try_files $uri $uri/ /index.html; }