mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00

csp is only for web vault

Kyle Spearrin 2018-07-20 14:11:20 -04:00
parent 45db73c6e1
commit 0070d23dab


@ -141,24 +141,15 @@ server {{
} }
sw.WriteLine($@" sw.WriteLine($@"
# X-Frame-Options is to prevent from click-jacking attack # Security headers
#add_header X-Frame-Options SAMEORIGIN; #add_header X-Frame-Options SAMEORIGIN;
# Disable content-type sniffing on some browsers.
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter
add_header X-XSS-Protection ""1; mode=block""; add_header X-XSS-Protection ""1; mode=block"";
# This header controls what referrer information is shared
add_header Referrer-Policy same-origin; add_header Referrer-Policy same-origin;
# Content-Security-Policy to prevent malicious XSS code
add_header Content-Security-Policy ""{ContentSecurityPolicy}"";");
sw.WriteLine($@"
location / {{ location / {{
proxy_pass http://web:5000/; proxy_pass http://web:5000/;
add_header Content-Security-Policy ""{ContentSecurityPolicy}"";
}} }}
location = /app-id.json {{ location = /app-id.json {{
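Review bot: Placing `add_header Content-Security-Policy ""{ContentSecurityPolicy}"";` inside `location /` stops that location from inheriting the server-level `add_header` lines, because nginx inherits `add_header` from the enclosing level only when the current level defines none of its own. As written, web vault responses would carry the CSP but lose X-Content-Type-Options, X-XSS-Protection and Referrer-Policy. Repeat the three headers inside the location block (`add_header X-Content-Type-Options nosniff;`, `add_header X-XSS-Protection ""1; mode=block"";`, `add_header Referrer-Policy same-origin;`), or move them into a shared snippet that each location pulls in with `include`. It is also worth checking the generated config with a request against `/` to confirm all four headers are present. The template string and the method that writes it begin and end outside this hunk, so the other location blocks could not be checked for the same pattern.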