
Unblock some header options, because this is fundamentally cross-site #69

Bob Mottram 7 years ago
parent
commit
e4734b6ef7
1 changed files with 10 additions and 3 deletions
  1. 10
    3
      src/freedombone-app-fedwiki

+ 10
- 3
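--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -268,9 +268,10 @@ function fedwiki_setup_web {
         function_check nginx_ssl
         nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
 
-        function_check nginx_disable_sniffing
-        nginx_disable_sniffing $FEDWIKI_DOMAIN_NAME
-
+        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
+        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
+        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
         echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
         echo '' >> $fedwiki_nginx_file
         echo '  location / {' >> $fedwiki_nginx_file
@@ -281,6 +282,7 @@ function fedwiki_setup_web {
         echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
         echo '  }' >> $fedwiki_nginx_file
         echo '}' >> $fedwiki_nginx_file
+        echo '' >> $fedwiki_nginx_file
     else
         echo -n '' > $fedwiki_nginx_file
     fi
@@ -288,6 +290,11 @@ function fedwiki_setup_web {
     echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
     echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
     echo '' >> $fedwiki_nginx_file
+    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
+    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
+    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
+    echo '' >> $fedwiki_nginx_file
     echo '  location / {' >> $fedwiki_nginx_file
     echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
     echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file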
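Review bot: The hand-written `add_header` list that replaces `nginx_disable_sniffing` (new lines 271-274, copied again at 293-296 for the onion server) does not record which headers from the helper were deliberately left out, so a later audit cannot tell an intentional relaxation from an omission. The helper's body is not visible here, so this is inferred from the commit title. I would add a comment above each copy such as `# fedwiki is cross-site by design: nginx_disable_sniffing is not used, only the headers below are kept (see #69)`. Separately, nginx attaches `add_header` fields only to success and redirect responses unless `always` is given, and drops server-level ones for any `location` that declares its own `add_header`. If error pages proxied from fedwiki should carry them too, write e.g. `add_header X-Content-Type-Options nosniff always;`, and confirm the `location /` blocks, which continue outside these hunks, add no headers of their own.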