From c8ccaf2fc8ec8c5e10f6bd2dc63b0dcc7f79452d Mon Sep 17 00:00:00 2001
From: Jarold Wong
Date: Wed, 3 Apr 2024 14:58:02 -0700
Subject: [PATCH] update security headers

---
 nginx.conf | 7 +++++++
 vendor/css/neon.css | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/nginx.conf b/nginx.conf
index 739a033b4..2570ed9db 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -25,6 +25,8 @@ http {
 #gzip on;
+ server_tokens off;
+
 server {
 listen 80;
 server_name localhost;
@@ -36,6 +38,11 @@ http {
 root /usr/share/nginx/html;
 index index.html index.htm;
+ add_header Cache-Control "no-cache";
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com";
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+ add_header X-Content-Type-Options "nosniff";
+
 rewrite ^/admin(.*)(?
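Review bot: `server_tokens off;` in the first nginx.conf hunk (http block, above `server {`) is added without a comment, and under a commit titled "update security headers" a later reader may not realise it also changes the built-in error pages. I would put `# Hide the nginx version in the Server header and on error pages` on the line above it. The directive only drops the version string; `Server: nginx` is still sent, so it limits version fingerprinting and is not a substitute for keeping nginx patched.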