From e7394041ab8629cc1253738adda42402a52c1d73 Mon Sep 17 00:00:00 2001
From: DQ <dengq@vmware.com>
Date: Fri, 20 Sep 2019 16:11:39 +0800
Subject: [PATCH] Add headers in nginx config file

extra headered added in https and http config

Signed-off-by: DQ <dengq@vmware.com>
---
 make/photon/prepare/templates/nginx/nginx.http.conf.jinja  | 4 ++++
 make/photon/prepare/templates/nginx/nginx.https.conf.jinja | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/make/photon/prepare/templates/nginx/nginx.http.conf.jinja b/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
index 09e1f4346..e80d6e9fd 100644
--- a/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
+++ b/make/photon/prepare/templates/nginx/nginx.http.conf.jinja
@@ -39,6 +39,10 @@ http {
     # disable any limits to avoid HTTP 413 for large image uploads
     client_max_body_size 0;
 
+    # Add extra headers
+    add_header X-Frame-Options DENY;
+    add_header Content-Security-Policy "frame-ancestors 'none'";
+
     # costumized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
     include /etc/nginx/conf.d/harbor.http.*.conf;
 
diff --git a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
index e4ac93078..fd4fe94b7 100644
--- a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
+++ b/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
@@ -56,6 +56,11 @@ http {
     # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
     chunked_transfer_encoding on;
 
+    # Add extra headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+    add_header X-Frame-Options DENY;
+    add_header Content-Security-Policy "frame-ancestors 'none'";
+  
     # costumized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
     include /etc/nginx/conf.d/harbor.https.*.conf;