Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00
Code Issues Projects Releases Wiki Activity

csp is only for web vault

Browse Source
This commit is contained in:
Kyle Spearrin 2018-07-20 14:11:20 -04:00
parent 45db73c6e1
commit 0070d23dab
1 changed files with 2 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
util/Setup/NginxConfigBuilder.cs
View File

@ -141,24 +141,15 @@ server {{
}
sw.WriteLine($@"
# X-Frame-Options is to prevent from click-jacking attack
# Security headers
#add_header X-Frame-Options SAMEORIGIN;
# Disable content-type sniffing on some browsers.
add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter
add_header X-XSS-Protection ""1; mode=block"";
# This header controls what referrer information is shared
add_header Referrer-Policy same-origin;
# Content-Security-Policy to prevent malicious XSS code
add_header Content-Security-Policy ""{ContentSecurityPolicy}"";");
sw.WriteLine($@"
location / {{
proxy_pass http://web:5000/;
add_header Content-Security-Policy ""{ContentSecurityPolicy}"";
}}
location = /app-id.json {{